Some Blu smartphone owners got a hidden feature they weren’t quite expecting.
It turned out software from a Chinese company was transmitting all of their text messages other data to China every 72 hours. The vulnerability was discovered by a Kryptowire, an American enterprise security firm.
According to a New York es report it wasn’t clear if the information went beyond the recipient of Shanghai Adups Technology Company, but it impacted Blu R1 HD other phones.
On its website, Adups says it builds firmware that runs on more than 700 million phones. Kryptowire concluded that the data sharing included full contexts of text messages, call logs, contact lists, location information, other data. There was other identifiable information like each phone’s Mobile Subscriber Identity (IMSI) the International Mobile Equipment Identity (IMEI).
Blu oducts told The es that 120,000 of its phones were affected, but the leak was plugged through a software update. Blu is known primarily for low cost phones, such as the Blu R1 HD which recently was part of a special offered by Amazon for $50.
The report says that Adups software was found on both ZTE Huawei phones in China, although it’s unclear if the scope of the data mining effort extends beyond the Blu products. According to the report, Adups assured Blu that all customer information had been destroyed was not part of any intentional effort to keep the data or send to a government agency.
The purpose of saving the information, according to Adups, was to identify client junk text messages calls.
Kryptowire shared its findings with the U.S. government, Blu, . You can check out the full report for details about what it uncovered.
Update 11/16/16 10:00am: A representative from Huawei sent us this official statement, clearing up any possible relationship with the company.
Huawei takes our customers’ privacy security very seriously, we work diligently to safeguard that privacy security. The company mentioned in this report is not on our list of approved suppliers, we have never conducted any form of business with them.
Update 11/16/16 11:00am: received the following official statement from ZTE A:
confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, will not. ZTE always makes security privacy a top priority for our customers. will continue to ensure customer privacy information remain protected.
y this matters: The episode illustrates that data can often pass through many different companies as part of the process of creating a smartphone. ile any crisis may have been averted here, it may give you pause about where you buy your next smartphone which companies have hs in creating all of the software.