/**/


February 23rd 2019


  Buy Issue 3038
Qty:

Articles from this issue:

COVER STORY Something rotten led to fish-kill: perhaps fishy environmentalism

EDITORIAL Resistance grows to Beijing's soft-power push

CANBERRA OBSERVED Climate change: deadly ... to political leaders

TECHNOLOGY Electric cars: UK taxpayers subsidise rich greenies

BANKING ROYAL COMMISSION A step too small?

CYBER SECURITY Chinese smartphone threat extends way beyond Huawei

SOCIETY Such grandeur of spirit

POLITICS John Hewson should have as sturdy a Constitution

FINANCE Hayne royal commission sets agenda for bank reform

FAMILY RELATIONS Dad: a girl's first and most influential love

COMMENTARY Words gone feral: rights and equality

MEDICINE AND CULTURE Book captures tragedy of falling foul of a fanatic

SOCIETY AND CULTURE A dog's life: reflections of a grey nomad

HUMOUR

MUSIC Serialism a killer: Ideas tend to get in the way

CINEMA Cold Pursuit: Revenge served up manic

BOOK REVIEW Why the West and nowhere else

BOOK REVIEW The escalation of horror and atrocity

LETTERS

FAMILY AND SOCIETY The end of Liberalism

SPECIAL EDITORIAL Has Cardinal George Pell been wrongly convicted?

Books promotion page
FONT SIZE:

CYBER SECURITY
Chinese smartphone threat extends way beyond Huawei


by Peter Westmore

News Weekly, February 23, 2019

Australian Government con­cerns over Huawei, a Chinese technology company with close ties to the Chinese Government, have led to the company’s exclusion from building Australia’s 5G network, but there is a more urgent Chinese threat to existing mobile phone users.

This splendid Pudong high rise boasts views
of Sydney Harbour and the Tokyo Tower.

Most existing smartphones, particularly those built by Chinese companies, are at risk due to the installation of system software that can steal information from these phones, and transmit it back to China, without the knowledge or permission of the owner.

Although Apple’s iPhones are manufactured in China, Apple maintains control over both hardware and software, so its phones are not exposed to this security risk. Nor are devices made by companies like Samsung (manufactured in South Korea) or Sony (manufactured in Japan). However, most smartphones are manufactured by smaller companies that supply companies like Telstra and Optus with their home-branded phones.

Older smartphones are particularly at risk of theft of user information.

The issue has received no attention in Australia, but was first revealed by American security company Kryptowire late in 2016. Kryptowire said that information was stolen from users through a program installed on smartphones that is designed to allow the updating of the operating system. A major reason why smartphones are updated is to counter security threats, including the stealing of data.

Protection?

In this case, the program that is supposed to protect you from having your data stolen is being used to steal the data, including the numbers you have dialled, messages and emails, and contacts.

Kryptowire said: “The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and were managed by a company named Shanghai Adups Technology Co Ltd.”

Interestingly, Shanghai is the centre of the Chinese Government’s cyber espionage operations, which were identified by another American security company, Mandiant, as operating from buildings in the Shanghai suburb of Pudong. Shanghai Adups Technology’s head office is also located in Pudong.

On its website, Shanghai Adups Technology claimed at the time that its software is built into 700 million mobile phones, and that it had 70 per cent of the world market, across more than 150 countries and regions, with offices in Shanghai, Shenzhen, Beijing, Tokyo, New Delhi, and Miami.

The website also stated that it produced system software that is integrated in more than 400 leading mobile operators, semiconductor vendors, and manufacturers of devices from wearable and mobile devices to cars and televisions.

Kryptowire said: “These devices actively transmitted user and device information, including the full body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).

“The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information.”

Kryptowire added: “The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.”

The company also said that “all of the data-collection and transmission capabilities we identified were supported by two system applications that cannot be disabled by the end user”.

Adups responded by claiming that it needed information to ensure that manufacturers were providing the correct updates and services: “We collect model information, device status, application information, bin/xbin information and summary information from phones and messages, and utilise the information to verify that the appropriate updates and services are sent to the correct devices.”

However, the information collected went far beyond what is required to send correct updates, and is consistent with the Chinese Government’s attempts to control the use of smartphones in China, where most of these are sold.

A further point is that few of these Chinese companies actually send out software updates, including the vital security updates that Google issues each month to all smartphone manufacturers.

Adups said that, when it was asked by manufacturers to disable aspects of the software it provided, it had done so. But smartphones from other manufacturers will continue to contain this software that cannot be uninstalled, and will continue to collect user information and send it to China.

A year after the Kryptowire revelations, security company Malwarebytes issued a warning that another system program from Adups was capable of installing malicious software on users’ phones without their knowledge.




























All you need to know about
the wider impact of transgenderism on society.
TRANSGENDER: one shade of grey, 353pp, $39.99


Join email list

Join e-newsletter list


Your cart has 0 items



Subscribe to NewsWeekly

Research Papers



Trending articles

COVER STORY Budget 2019: The dark side of 'back in the black': no vision

EDITORIAL Religious freedom will be suffocated if ALP elected

EDITORIAL How Scott Morrison routed Labor, the Greens, GetUp and the left media

EUTHANASIA FYI: How to navigate the voluntary assisted 'dying' process

EDITORIAL Political unrest over man-made drought in Murray-Darling Basin

FOREIGN AFFAIRS New Middle East alliance will challenge Saudis

FEDERAL ELECTION The ALP's climate policies will devastate our very way of life



























© Copyright NewsWeekly.com.au 2017
Last Modified:
April 4, 2018, 6:45 pm