Google Search

Custom Search

Friday, 19 December 2014

Palo Alto report - CoolReaper Backdoor found in Andoid Devices sold by Coolpad

Coolpad, the 6th largest manufacturer in the world and 3rd largest in China has been reported to be preloaded their devices with a system backdoor as a recent report by Palo Alto found. Many of Coolpad's devices would be installed with an application operated by Coolpad that allow access to these devices without the user knowing.

Pala Alto received a lot of complaints on their message board, mainly on multiple cases of suspicious activities on Coolpad devices. Based on their research on multiple Coolpad ROMs from mainland China, they found an alarming rate of backdoor dubbed as CoolReaper.

CoolReaper have found to be doing more than just data collection (which is common in Android ROMs) to the extend of giving root access to each devices, enabling Coolpad to install and push advertisement as they pleased. Palo Alto also found that CoolReaper has been given rights to do the followings;

  • Download, install, or activate any Android application without user consent or notification
  • Clear user data, uninstall existing applications, or disable system applications
  • Notify users of a fake over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications
  • Send or insert arbitrary SMS or MMS messages into the phone.
  • Dial arbitrary phone numbers
  • Upload information about device, its location, application usage, calling and SMS history to a Coolpad server

Coolpad intentionally hide CoolReaper from users using modified ROM to ensure CoolReaper would not be found or removed by security applications. Palo Alto also note that a white-hat security researcher identified a vulnerability in the back-end control system for CoolReaper, which allowed him to see how Coolpad controls the backdoor in November this year.

This is the first report of intentionally installed backdoor and operated by the manufacturer of the devices itself that will erode user's trust in their system.

Source : Palo Alto

No comments:

Post a Comment