China hasn't spared classic push-button phones; malware-infested phones sold in Russia

A security researcher has made a shocking discovery wherein malware was found inside low-budget push-button phones sold as cheaper alternatives to popular feature phones in Russia.

China has time again been exposed for its malicious activities of spying on people, even outside its country. The United States government has banned a wide range of Chinese OEMs over reports of surveillance on the masses, as well as US investment in Chinese firms. India, too, has cracked down on several Chinese apps, including the popular PUBG Mobile. While it was a common notion that China only used smartphones and other advanced equipment for its malicious intent, a new report suggests China has no bounds when it comes to using electronic devices for its purpose.

A Russian security researcher named ValdikSS has revealed that push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 had been subscribing to premium SMS services unprompted. To go unnoticed, the malware in the phone intercepted incoming SMS messages.

China behind malware-ridden classic push-button phones sold in Russia [details] — ValdikSS

To expose the malicious behaviour in the phones above, ValdikSS set up a local 2G base station to intercept the phones' communications. He said the devices secretly notified a remote internet server when activated for the first time. Shockingly, this process was automated even when there was no internet browser.

Feature phones riddled with malware

The security researcher found four out of five phones tested exhibited malicious behaviour. Here are the observations made by ValdikSS:

DEXP SD2810, despite not having an internet browser, sent data to a remote server, including IMEI, IMSI codes without user's knowledge. The phone sent SMS messages to premium numbers by retrieving the SMS number and SMS text from a remote server.

Itel it2160 was sending information such as IMEI code, country, model, firmware version, language, activation time and mobile base station ID.

RAMpage vulnerability attacks android devices — Creative Commons

Irbis SF63 acted similar to DEXP phone, where it notifies a remote server about the phone's sale and activation. It goes further and registers online using the phone's phone number, executes commands from a remote server.

F+Flip3 phone sends SMS with phone's IMEI and IMSI codes to phone numbers, which have been hardcoded into the firmware of the phone.

The security researcher found that the remote servers that received the data were located in China. But ValdikSS also noted that it wasn't clear if the code was added by the vendor or by third parties that supplied the firmware.

China

Trending now

China hasn't spared classic push-button phones; malware-infested phones sold in Russia

A security researcher has made a shocking discovery wherein malware was found inside low-budget push-button phones sold as cheaper alternatives to popular feature phones in Russia.

Nothing launches 2 new earbuds with ChatGPT integration in India; pricing starts at Rs 7,999

Google sacks 28 employees involved in protests over Israel govt contract

Samsung's Next-Gen AI TVs are here; Neo QLED 8K, Neo QLED 4K, OLED TVs in offing [full details]

Nothing launches 2 new earbuds with ChatGPT integration in India; pricing starts at Rs 7,999

Google sacks 28 employees involved in protests over Israel govt contract

Samsung's Next-Gen AI TVs are here; Neo QLED 8K, Neo QLED 4K, OLED TVs in offing [full details]

Apple aims at assembling iPhone camera module in India to cut dependence on China