How To: Test for Adups' Spyware on Your Phone& Disable It
Mobile security researchers at Kryptowire recently uncovered spyware preinstalled on hundreds of thousands of Android smartphones by FOTA provider Adups which was gathering personally identifiable information (PII) such as call logs, app usage data, and even the full contents of text messages and sending these to a third-party server—all without the users' knowledge.Don't Miss:These Android Phones Could Be Affected by Adups' Chinese SpywareThe only US phones publicly known to be affected were entry-tier models made by device manufacturer BLU Products. The Florida-based company issued a statement saying that the issue had been resolved following an update by Adups, whom altered the apps responsible (com.adups.fota and com.adups.fota.sysoper) so that they would no longer gather and report any PII.However, upon reaching out to Kryptowire for more details about the report, we learned that this supposed fix might just be sweeping the larger issue under the rug. We asked Kryptowire if the vulnerability was limited to devices with Adups-related packages preinstalled (com.adups.fota, com.adups.fota.sysoper, etc.) and, if so, would disabling those packages solve the issue.The vulnerability is not necessarily limited to the Adups-related packages, but we can only confirm seeing it in the two packages mentioned. The exfiltration application logic can be put into any package and performed assuming the app has the permissions to get the user's PII. On the device, those two apps cannot be disabled by the user, unless you "root" the device and just delete them.Adups has used their remote application (un)installation capabilities to update the com.adups.fota app with one that does not exfiltrate PII on the BLU R1 HD. The old com.adups.fota package that does exfiltrate still exists on the system image. They could use their remote uninstallation capability to remove the new com.adups.fota app (installed on the data partition) and change a few parameters in the server response to begin exfiltration again. This will be the case until they issue a firmware update that replaces the com.adups.fota package on the system image with one that has no capability to exfiltrate PII.
— Ryan Johnson, Senior Mobile Engineer at KryptowireTo sum that up, even though Adups has disabled the spyware, the company has the ability to remotely switch it back on at any time in the future. They can also change the name of the packages responsible—or pretty much anything else they want—without anybody knowing. Clearly, this is an abuse of power and a breach of the trust that people give to companies they purchase products from—especially when it comes to products like smartphones, which are practically a requirement for being a part of our modern society.
How to Test Your Phone for Adups' SpywareHow can you tell if your device is affected—BLU phone or another manufacturer—and what can you do to protect your private information? Normally, as noted by Kryptowire, you would have to root your device to locate the files and disable them. However, there is a workaround to that—you can just download an app (available on both Windows and macOS) called Debloater and take care of this yourself, no root required.We've already got a great guide on using the Debloater program (see Steps 1-2 for installing it), but I'll show you below how to use it to find and disable any Adups firmware on your Android phone. For this walkthrough, I'll be using one of the devices known to be affected, the BLU Energy X 2, which we've purposefully not updated.Don't Miss: Disable ANY Bloatware App on Your Android Device with Debloater (No Root Required)
Step 1: See if Your Phone Is AffectedOnce you have the program installed and your device is ready (with "USB debugging" enabled), connect your phone to the computer with a good USB cable and select Read Device Packages in the upper-left corner of the Debloater window. Debloater will read all of the packages in your device and list them alphabetically. Conveniently, Adups is right up there at the top of the list. If you see those two packages, your device is one of those affected. If not, congratulations!
Step 2: Disable the Adups SpywareSelect the two Adups packages (com.adups.fota, com.adups.fota.sysoper) by marking the check box to the left of their names. Then just hit "Apply" and let Debloater do its magic. If you select "Read Device Packages" again, it should show that the two Adups packages are now blocked. And that's all there is to it. The caveat here is that we don't know if these are the only apps responsible for collecting PII, but if they are, this fix should do the trick.This method does not remove these packages from your device, but it will disable them so they can't communicate back to their servers. If you should ever decide you want to reenable them, just hit up our full Debloater guide to see how that's done.Follow Gadget Hacks on Facebook, Twitter, Google+, and YouTube Follow Android Hacks on Facebook, Twitter, and Pinterest Follow WonderHowTo on Facebook, Twitter, Pinterest, and Google+
Cover photo and screenshots by Carib Guerra/Gadget Hacks
#How to make #Pistol #Pen #Powerful #Simple #Toy Gun @ About GearMan Channel : This channel is all about DIY, How To, Home Made, Great Ideas, simple, funny and entertainment. @ WARNING : My videos are provided only for entertainment and watching purposes only. Please don't try to do what I did in my videos.
How To Make a simple & powerful Pen Gun - Pinterest
A simple and easy tutorial teaching you how to apply the new Substratum OMS themes on your Android phone using the Substratum Theme Engine.
Get a New Look on Android with Nougat's Hidden Theme Engine
iOS 11 Hidden Features! Top 20+ Cool iOS 11 Tips, tricks like hidden dark mode, AirPods Customization, Screen Recording, Control centre tweaks, QR Code scan, iPhone Storage and more! What's your
100+ Coolest New iOS 12 Features You Need to Know
Here's a fun weekend project you can use to add to a common toy. Get a yo-yo with concave sides, a few pieces of thin plastic (like from a CD case) and a few lithium-powered LEDs. Then follow this tutorial and get a yo yo that lights up when you play with it!
LED Yo-Yo Side Caps | Make:
Have you ever wanted to change the status bar on your Android phone or tablet? Maybe you wanted to change the position of the clock, add a battery percentage, or just get a different look. Whatever your reason, there's a simple way to customize your status bar-and it doesn't even require root access.
How to get lollipop, marshmallow or nogut status bar on any
If you have a Google Nexus device that comes with Android 6 Marshmallow or your current device has received the update, there's a hidden Android-themed Flappy Bird game that you can pull up
Android Easter Egg Flappy Bird Game Cheat - YouTube
How to Use a Bluetooth Device. Bluetooth is a wireless technology that has been around for over 20 years. It allows multiple devices to connect, interact, and sync without needing to set up complex networks and passwords.
DIY Bluetooth Speaker: 9 Steps (with Pictures)
The Material Design color system supports alternative colors, which are colors used as alternatives to your brand's primary and secondary colors (they constitute additional colors to your theme). Apps can use alternative colors to establish themes that distinguish different sections.
Unlock a Hidden Network Strength Meter for Your iPhone's
How to Maximize the Speed of Your Internet Connection
A mechanically powered flashlight is a flashlight that is powered by electricity generated by the muscle power of the user, so it does not need replacement of batteries, or recharging from an electrical source. There are several types which use different operating mechanisms.
L.L.Bean Flashlights | Premium Quality, Built To Last
AD
Camcorder XLR Adapters enable you to use mics with XLR connectors with a camera that only has a mini-plug input. Camcorder XLR Adapters are compatible with any kind of camera that features a mini-plug (1/8" or 3.5mm) stereo microphone input. Camcorder XLR Adapters feature a tripod thread at their base to mount onto a tripod.
How do I connect a professional microphone to a camcorder?
How to Download an app to lock the screen of your iPhone or
How to Make a Person Disappear. The act of vanishing someone from thin air doesn't require real magic. It's all an illusion. Despite how elaborate you are, the key to success is in convincing your audience.
Why do my friends disappear from my list? | Facebook Help
0 comments:
Post a Comment