Built-In Backdoor Found in Millions of Popular Chinese Android Smartphones
Chinese smartphone manufacturers have been criticized many times for suspected backdoors in their products; the popular Chinese smartphone brand Xiaomi and the Star N9500 smartphone are the top examples. Now Coolpad, China's third-largest mobile manufacturer and the world's sixth-largest phone manufacturer, has joined the list.

Millions of Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd. may contain an extensive "backdoor" from the manufacturer that is able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users' phones without their knowledge, a U.S. security firm has alleged.

OVER 10 MILLION USERS AT RISK
Researchers from Silicon Valley online security firm Palo Alto Networks discovered the backdoor, dubbed "CoolReaper," pre-installed on two dozen Coolpad Android handset models, including high-end devices, sold exclusively in China and Taiwan. The backdoor can let attackers completely hijack users' Android devices by gaining access to their device information and functions.

The backdoor presents several privacy and security risks, and is believed to impact over 10 million users worldwide. The security firm released a research paper Wednesday detailing its investigation into the backdoor software, called CoolReaper.

FEATURES OF COOLREAPER BACKDOOR
According to Ryan Olson, intelligence director at Palo Alto, the CoolReaper backdoor can perform a wide range of unsolicited tasks. The backdoor has the ability to:
  • Download, install and activate any Android application without the user's consent or notification
  • Connect to a number of command and control (C&C) servers
  • Clear user data, uninstall existing applications, or disable system applications
  • Send fake over-the-air (OTA) software updates to devices that install unwanted applications
  • Send or insert arbitrary SMS or MMS messages into the phone
  • Dial arbitrary phone numbers
  • Upload device information, its location, application usage information, and calling and SMS history to a Coolpad server
Researchers obtained only one of the Coolpad smartphone models sold in the U.S. and did not find CoolReaper on the device. So, they suspected that the CoolReaper backdoor comes pre-installed only on Coolpad handsets sold in China and Taiwan.

The researchers conducted their investigation after reviewing complaints by users on message boards about suspicious activities noticed on Coolpad devices. The security firm installed multiple copies of the custom ROMs installed on Coolpad devices in China and found that most included CoolReaper.
"CoolReaper is the first malware we have seen that was built and operated by an Android manufacturer," researchers wrote. "The changes Coolpad made to the Android OS to hide the backdoor from users and antivirus programs are unique and should make people think twice about the integrity of their mobile devices."
CHINESE MANUFACTURERS CRITICIZED MANY TIMES
This isn't the first time a Chinese phone manufacturer has been criticized for its products. Six months ago, the Star N9500 smartphone, a popular and cheap handset in China, came pre-installed with a Trojan that allowed the manufacturer to spy on its users, compromising their personal data and conversations without any restrictions and without the users' knowledge.

Also, the latest claim against Chinese smartphone manufacturers was the allegation that the popular Chinese smartphone brand Xiaomi was "secretly" stealing users' information from the device without the user's permission and sending it back to a server in Beijing, even with the data backup functions turned off.
Palo Alto Networks is the same security firm that discovered the "WireLurker" malware that was targeting Mac and iOS users in China. The main concern about that threat was its ability to attack non-jailbroken iOS devices. The malware appeared as the first malicious software program with the ability to penetrate the iPhone's strict software controls.
