Chinese-authored spyware that can be used to track a user’s movements and communications has been found on some 700 million Android smartphones, security researchers said.
The spyware, discovered by Virginia-based Kryptowire, was reportedly authored by Chinese startup Shanghai Adups Technology Company.
“The Department of Homeland Security was recently made aware of the concerns discovered by Kryptowire and is working with our public and private sector partners to identify appropriate mitigation strategies,” said U.S. Department of Homeland Security spokesperson Marsha Catron.
“We also encourage all Americans to take precautions to ensure the security of their data and personal information, including using strong passwords, maintaining up-to-date antivirus software and minimizing the amount of personal data they share online.”
The researchers said the spyware was so well hidden on the devices that it was nearly impossible to detect.
“The traffic was encrypted multiple times and the servers that were being used were also part of the firmware checking and updating process,” Kryptowire Vice President Tom Karygiannis told CyberScoop.
“Even if an average user was able to notice the traffic, he/she would not be able to understand what this traffic was about. Given that this same domain was used for firmware updates, it is highly unlikely that the users or an internet provider for that matter, would have recognized the traffic as [personal identifiable information] transmission because it was camouflaged as part of the firmware updating/checking process.”
Full article: Chinese spyware found on 700 million Android phones (World Tribune)