Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Android Security United States

Unremovable Malware Found Preinstalled on Low-End Smartphone Sold in the US (zdnet.com) 56

Low-end smartphones sold to Americans with low-income via a government-subsidized program contain unremovable malware, security firm Malware bytes said today in a report. From a report: The smartphone model is Unimax (UMX) U686CL, a low-end Android-based smartphone made in China and sold by Assurance Wireless, a cell phone service provider part of the Virgin Mobile group. The telco sells cell phones part of Lifeline, a government program that subsidizes phone service for low-income Americans. "In late 2019, we saw several complaints in our support system from users with a government-issued phone reporting that some of its pre-installed apps were malicious," Malwarebytes said in a report published today. The company said it purchased a UMX U686CL smartphone and analyzed it to confirm the reports it was receiving.
This discussion has been archived. No new comments can be posted.

Unremovable Malware Found Preinstalled on Low-End Smartphone Sold in the US

Comments Filter:
  • Who buys a phone from a dead company, anyway?
    • Who buys a phone from a dead company, anyway?

      I know several people who would be all over that. Some folks demand everything be rock bottom in price, because price is their touchstone.

      • I know several people who would be all over that. Some folks demand everything be rock bottom in price, because price is their touchstone.

        Used caskets for sale! :-D

        • I know several people who would be all over that. Some folks demand everything be rock bottom in price, because price is their touchstone.

          Used caskets for sale! :-D

          50 percent less goo!

      • by fred911 ( 83970 )

        ' Some folks demand everything be rock bottom in price'

        The problem is that these are government subsidized phones [Obama phones]. And Unimax isn't the only company doing this, ANS also does the exact same thing. No matter what the user blocks from execution on the phone, it calls malware for installation.

        So, not only are these companies making their income from the US Government, they are also installing addware using the bandwidth allocated to the plan that WE PAY FOR.

        In addition, these phones are generall

        • ' Some folks demand everything be rock bottom in price'

          The problem is that these are government subsidized phones [Obama phones]. And Unimax isn't the only company doing this, ANS also does the exact same thing. No matter what the user blocks from execution on the phone, it calls malware for installation.

          So, not only are these companies making their income from the US Government, they are also installing addware using the bandwidth allocated to the plan that WE PAY FOR.

          In addition, these phones are generally given to those that have the least knowledge or availability for support, or to know better.

          It's a criminal enterprise that the providers of subsidized phones have been doing without anyone saying one word, or without accountability. This is done to those that need the most protection, it's shameful.

          I'm not saying that people should want these phones or that the govmint should be giving them away. I am saying that there are people in here that would scap them up based on cheapness.

  • by Anonymous Coward
    you mean it's no different from the phones that you can buy anywhere else since almost all phones these days came preinstalled with soft(mal)ware that can't be removed without root.
  • by A10Mechanic ( 1056868 ) on Thursday January 09, 2020 @01:53PM (#59603836)
    Are there any smart phones out there, that have made it past the vaporware stage? Actual phones, that you can purchase? Vendor lock-in and obsolescence is a real issue, regardless of malware.
    • Does installing aftermarket ROMs count?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Yes but unfortunately no recent phones have official Lineage builds and much fewer have Sailfish OS even though that's even closer to a Linux experience. The best bet is to buy a Librem

    • by twocows ( 1216842 ) on Thursday January 09, 2020 @03:06PM (#59604132)
      Eh... I mean, there's a few that exist, but they're very barebones. There's also Replicant, but it's as close to dead as you can get, there's like one developer still working on it and it's a project that way outscales that.

      I think you really need to figure out what your goals are with a smartphone. There are usually solutions to fit your needs. LineageOS is usually a happy medium. You can lock down system apps or feed them false data. It's also modified AOSP instead of modified Android, though you can install open-gapps on it if you want and lock them down like any other system app.
      • by eeloon ( 6270492 )

        I'm currently trying to install LineageOS with microG, to access Google services (email, calendar) without having Google binary blobs running on my phone. This feels like it should be a fairly common use case, but it's an absolute pain in the neck.

        Multiple levels of flashing the phone - a "recovery" which seems to be the equivalent of a BIOS, followed by the system itself - then installing some sort of shim (DavX5) to convert between the DAV calendar/contacts standard and whatever the heck Google uses, inp

        • A lot of that comes from trying to use microg, unfortunately. While I hope the microg project becomes successful, in terms of functionality there's a lot to be desired. If you want to use Google services, you basically have to use something like open-gapps, microg's just not there yet. Thankfully, LineageOS's built in privacy controls let you limit a lot of what the gapps can access.

          If you really can't stand using gapps, my recommendation at the moment is to find a way to get out of the Google ecosystem
    • Pine phone is supposed to start shipping next week, the Librem 5 has started shipping.
  • by Ostracus ( 1354233 ) on Thursday January 09, 2020 @01:55PM (#59603842) Journal

    Kind of sucks to be poor. And now they're a trial group for "how to spy on the masses". Soon as they figure out "undetected" they'll be good to go.

  • by bobstreo ( 1320787 ) on Thursday January 09, 2020 @02:03PM (#59603888)

    People suggesting they "buy" phones from somewhere else probably don't know that these phones and the services were pretty much free for low income people, and it's not like they had a choice where the junk phones came from.

    The providers of these phones should be held responsible for not bothering to do a minimal security check before deploying something like 20 million "free" phones to the financially strapped.

    • Re: (Score:3, Insightful)

      by pgmrdlm ( 1642279 )
      These phones are a life line for people. Everything from medical to being able to answer a phone call about a job. And there is such a thing as low income people that have jobs, that still need help like this.
  • Probably won't happen, but it should.

  • by TigerPlish ( 174064 ) on Thursday January 09, 2020 @02:42PM (#59604028)

    So.. who put the malware in?

    TFA doesn't say other than "it's unclear."

    1. Could it be the chinese? From context in TFA, could be.

    2. Could be the US Government? I'm sure there are some in The Bureaucracy who would love to see what "The People" are doing with these phones. Who they text. What they text.

    3. Could be general incompetence, *again* -- > the most likely explanation. But I'd be very curious about #2...

    • by gmack ( 197796 )

      TFA is unclear because Malwarebytes sells more products if they can scare you by making it sound like the chinese are spying on you. I've seen this crap in action. It's the phone manufacturer making extra money throwing ads onto the screen.

      To be clear though: If you can't flash the phone the only option is to disable the software since it can't be removed by design

    • No, just the one you need the most, to keep your distortion up of how there is no evil and all is well and everyone is merely incompetent and stupid.

      Just make it official, and start a religion already! I even have a cool name: The Blackeyers!
      I'm selling buckets of sand for your heads starting right now!

      Source: I got relatives who actually see the insides of the shit that is happening out there. I know you will never believe me, and you should never just believe anyway, but what you hear as "consipracy theor

    • Why "chinese"? That come from who's ass?
    • I'm sure there are some in The Bureaucracy who would love to see what "The People" are doing with these phones. Who they text. What they text.

      Doubtful. The people who get these phones are not at all interesting.

      • Doubtful. The people who get these phones are not at all interesting.

        Yeah, because it's always the rich people who rise up against the status quo and start riots and stuffs.
        Never the poor and downtrodden, the disenfranchised, oh noes.
        Why would anyone want to watch those smelly buggers?
        There is only a couple hundred million of them.
        Let them eat cake.

        • These are people literally turning to the government to give them a cell phone. They are not revolutionaries.

          • I didn't say they were bright, and free is free, spend some time without money and you might understand. If the guvment handed out beer they would drink it and then throw the bottle at the guvment. In fact bright revolutionaries suck, all they do is sit around and talk and talk and talk, they are also unlikely to storm a police line armed with nothing more than a rock.
  • Computers too.

    And I don't just mean IME or some funny EFI/firmware.

  • Look Everywhere (Score:3, Insightful)

    by ThatGype ( 5884680 ) on Thursday January 09, 2020 @03:47PM (#59604282)
    Years ago, programs which forcibly installed themselves on your computer and monitored your habits were rightly called 'malware.' Even though many of these companies tried to justify their practices as 'legitimate advertising business' they were condemned and flagged by anti-malware software.

    Now, most apps installed on smartphones have embedded trackers and in-app advertising. Your phone's OS even has a delightful 'advertising ID' to help out these wonderful people. It is nigh-impossible to use a modern smartphone without encountering such 'features.'

    In other words, this article is a (regrettable) instance of business as usual for the smartphone industry.
  • Malware? Sure? Not Windows Phone?
  • Virgin mobile is ceasing to exist and being moved over to Boost mobile. Around the beginning of February.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...