Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges.
Mobile experts from Anubis Networks discovered the problem this week. This is the second issue of its kind to come to light this week, after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd.
This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.
The researchers say they discovered the issue after one of them bought a BLU Studio G smartphone from Best Buy.
They say the smartphone used an insecure Over-the-Air update system, powered by the Ragentek firmware, which contacts remote servers via an unencrypted communications channel. The lack of SSL support means an attacker can carry out a basic Man-in-the-Middle attack and fake responses from the OTA server, sending rogue commands to the user's smartphone.
While there are numerous devices and apps that fail to secure client-server communications via HTTPS, Anubis researchers say the issue goes much deeper.
Read more here: www.bleepingcomputer.com/news/security/second-chinese-firm-in-a-week-found-hiding-backdoor-in-firmware-of-android-devices/