Researchers from Kryptowire have revealed that over 700 million Android phone users could have potentially been hacked, and are sending text messages and information to China every 72 hours.
Kyrptowire discovered the ‘backdoor’ in the firmware of Android smartphones across the US, with some brands being distributed worldwide.
The backdoor software is developed by Shanghai AdUps Technology, based in China, who claims that the sotware is used to run automatic updates for over 700 million devices. This software is said to be able to view SMS messages, contact lists, calls, location data and other personal data, as well as being able to remotely install and update any applications on the smartphone.
As well as smaller budget Android suppliers, AdUps also provides this software for worldwide handset developers including ZTE and Huawei.
It is not yet clear whether the data collected from the affected handsets is being used for advertising purposes or government surveillance, but the backdoor has been confirmed to be deliberate and not an accidental security flaw.
The secret backdoor was first discovered by Kryptowire on the BLU RI HD smartphone sold by Florida based manufacturer BLU Products, who sell their products in the US and on Amazon.
Approximately 120,000 smartphones are estimated to have the AdUps software installed, and as a result BLU Products are recalling and removing the software from the products. Unfortunately, the software cannot be removed or disabled by the users themselves.
Kryptowire has made other Tech giants including Google and Amazon aware of the software and are warning them of the possible repercussions. Google has already stated that it intends to work with affected devices to resolve the issue.
AdUps have also released a statement explaining that the secret backdoor software was never intended for use in the US and was designed for Chinese mobile manufacturers to monitor behaviour.
One of the bigger brands, ZTE, has said that no ZTE devices in the US have had the AdUps software updated on them and their customer’s privacy and information are their highest priority.