BLU, Doogee, Leagoo and "small" brands come with viruses?


1 Answer

+3 votes
Best answer


BLU is one of the brands that became quite popular in America for its devices with attractive technical specifications at a good price. The same goes for lesser-known brands such as Doogee, Leagoo or Infinix. In this blog we have even highlighted several very attractive Android BLU cell phones that were launched a long time ago. Unfortunately, the attractive cost of those devices comes in exchange for something, and I am specifically referring to the Android software on those mobiles, which is the most neglected part. It comes with security and privacy issues, some of them serious.

For example, some time ago it was detected that the Android software of 2.8 million devices from not very popular brands such as BLU, Doogee, Leagoo, Xolo, Infinix and others incorporated a rootkit and backdoor system, which could allow an attacker to take full control of the device, evading its safeguards.

Bitsight, the firm that discovered this problem, counted 55 affected device models, the majority of the BLU brand (this is not the first time that a similar problem has been heard from this brand). Of those millions of devices, almost half were from an unknown manufacturer, probably using completely generic or Chinese Android software, and a large number of the users were in the United States, with connections from health entities, government and banks.

Chinese firmware, whose software update URLs fell into the hands of third parties

Technically, the insecurity mentioned was in the software or program that controls the electronic components of these devices, known as "firmware". Instead of being a generic version of Android or developed by these companies, it was one provided by a Chinese company called Ragentek Group.

Some web addresses were stored in this firmware, and the devices connected to them automatically in search of software. Obviously this was a Ragentek configuration, and at one time these addresses must have been the property of this company. The surprising thing is that by the time of this investigation they no longer were, probably because they had not been renewed. Security firm BitSight Technologies took advantage of this situation and acquired ownership of those web domains for investigative purposes. In this way, it basically took control of all the devices that connected to those addresses. From there, BitSight could (if it wanted to) install any application, such as keyloggers or malware, that would have full privileges on the Android system, without the user knowing. The software on these devices did not verify the digital signature or authenticity of an application being installed. And everything installed was stored in the directory /data/system, which is where the applications that can do anything on the device are.

Software that did not encrypt data

To make matters worse, the software on these devices did not encrypt sent and received data. This meant that the user's data could be exposed to a third party who could intercept the communication. The workaround for users of these devices was to always use a VPN app when connecting to a WiFi network or public hotspot.

How do I know if my cell phone is affected?

According to Bitsight, after it made its finding public, BLU released a patch to fix this configuration on its devices. If you want to be sure, to check whether a device is affected by that Chinese firmware and is connecting to the aforementioned URLs, you have to observe its network traffic with an application like OS Monitor, available for free on Google Play. Specifically, you have to see if there are outgoing connections to the following addresses:

oyag.lhzbdvm.com
oyag.prugskh.net
oyag.prugskh.com

So I shouldn't buy these cell phones?

Unfortunately, the lack of a good Android system, let's say safe and reliable, is a problem for most or perhaps all small or growing brands, since software development is expensive and difficult for these companies to take on. Sometimes it is not even about this, because even the Chinese giant Xiaomi intentionally does the same on its devices (although not with the severity mentioned here, that is, to the point that third parties can take control of the applications that are installed on your mobile). If you are going to buy a cell phone from these brands, or you have no other option because its price is better, you should bear in mind that the software of these devices is weaker or more vulnerable than that of stronger brands, starting with iPhone, Google Pixel or Samsung. It is the price you must pay to acquire a cheaper cell phone, and it is something that you should care about if you move money through the cell phone or have accounts or sensitive information stored on it.


by (3.5m points)
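The check described in the answer (look for outgoing connections to the three listed addresses) can also be done from the network side, which covers every phone on the network at once. The following is an added example, not part of the original answer: it assumes the home router or resolver runs dnsmasq with query logging enabled, it also flags subdomains of the listed hosts, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Hostnames listed in the answer above as the firmware's update endpoints.
WATCHLIST = {"oyag.lhzbdvm.com", "oyag.prugskh.net", "oyag.prugskh.com"}

# dnsmasq query-log line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
Nov 20 09:14:02 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
Nov 20 09:14:05 dnsmasq[812]: query[A] OYAG.LHZBDVM.COM. from 192.168.1.37
Nov 20 09:14:05 dnsmasq[812]: reply oyag.lhzbdvm.com is 203.0.113.10
Nov 20 09:15:41 dnsmasq[812]: query[AAAA] oyag.prugskh.net from 192.168.1.37
Nov 20 09:16:10 dnsmasq[812]: query[A] notoyag.prugskh.com from 192.168.1.20
Nov 20 09:17:33 dnsmasq[812]: query[A] cdn.oyag.prugskh.com from 192.168.1.52
"""

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def on_watchlist(name):
    # Match the listed host itself or any subdomain of it, but not
    # look-alikes such as "notoyag.prugskh.com".
    host = normalize(name)
    return any(host == w or host.endswith("." + w) for w in WATCHLIST)

def find_hits(log_text):
    """Return {client_ip: sorted list of watchlisted names it queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)  # reply/forward lines do not match
        if m and on_watchlist(m.group("name")):
            hits[m.group("client")].add(normalize(m.group("name")))
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{client} queried {', '.join(names)}")
```

A client address that shows up in the result identifies the device on the network to inspect or update.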
