Any story related to the Internet of Things these days will be considered controversial. In the case of one Chinese technology firm, they clearly overstepped their boundaries. Collecting text messages and call records from Android smartphones is one thing, but sending that data to secret servers in China is taking things one step too far. It is evident the IoT sector still has a very long way to go.
Shanghai ADUPS Technology Shows Why Security Is Important
The Chinese company in question is named Shanghai ADUPS Technology. Their service mainly focused on providing wireless software updates for mobile and IoT devices. In fact, this technology comes bundled with major Asian smartphone brands, including Huawei, ZTE, and Blu. This latter company makes affordable yet powerful smartphones.
Unfortunately, when buying a smartphone produced by an Asian manufacturer – particularly the cheaper models- one never knows exactly what they are getting. As it turns out, having sensitive information logged and stolen from users is what makes these devices so affordable. Shanghai ADUPS Technology’s proprietary software gives the company engineers all but full control over the devices it is installed on.
Among the information logged and transmitted are text messages, phone calls, and potentially other information. Once the software logs these details, it then encrypts the information and forwards it to a server in Shanghai. This process repeats itself every 72 hours, which leads to believe the secret server contains a staggering amount of user information.
To make matters even worse, the ADUPS Technology software is not detected as malicious by any mobile security programs. Neither anti-virus nor anti-malware tools will detect anything wrong with it. In fact, the software has been whitelisted by the manufacturers themselves, which creates an even bigger set of problems moving forward.
Even though Shanghai ADUPS Technology claims the majority of “spying features” have been turned off, there is no reason to believe it won’t be switched back on in the future. Nor did the company provide any information as to how many devices have had their data logged. Moreover, no one knows what this sensitive information is being used for in the first place.
All of this goes to show mobile and IoT devices have a lot of security flaws, some of which even come at the core level of device software. When it is impossible to trust software update toolkit manufacturers, things are looking grimmer than ever before. New standards are direly needed, and open source solutions need to be embraced before things get out of hand even more.
Header image courtesy of Shutterstock