In the past we have discussed the indications that China is preparing for a Cyber War supremacy by various means. It is interesting to note that using the strength of cheap manufacturing, China has virtually become the hub of global IT device manufacturing. This has also given an opportunity for China to manipulate the manufacturing of Computers and Mobiles and install backdoors to enable stealing data from all the computing devices across the world.
In this connection therefore it is no surprise that a security firm now reveals that the firmware managed by a company called Shanghai Adups Technology and contained in about 700 million phones worldwide contains a backdoor which has the capability of sending full bodies of text messages, contact lists, call history with full telephone numbers and unique device identifiers including IMEI umbers and IMSE numbers. (Refer here)
It is stated that Adups firmware is used by 400 mobile operators, semiconductor vendors, and device manufacturers, covering everything from smartphones to wearables to cars and televisions.
According to the security firm Kryptowire, data transmission of text messages and call logs takes place every 72 hours, and all other personally identifiable information is sent every 24 hours and the data is sent to four servers belonging to Adups.
This enables Adups to identify specific devices and also track the activity. This provides a capability to the company to track Government officials and key business organizations where the mobile phones are being used. It also provides a capability to disable the phones for a massive denial of access attack.
At this point of time the brands that use Adups technology is not known but any device from Huwei and ZTE. (See here)
It is necessary for the world to wake up to this Cyber Intrusion and device appropriate security measures to prevent any data going out of the mobiles without the knowledge and permission of the owner of the phone. Since this is an offence in all Cyber Crime laws, a criminal case has to be filed against the company Adups and followed up internationally.
As a long term measure, Chinese IT devices should be completely eliminated from use by any critical Government or Corporate employee and probably by every body else. This requires alternate manufacturing facilities to be set up.
India should also immediately start a dialogue with the new US President in the making Mr Donald Trump how the manufacturing of mobile phones is taken out of China and shifted to India and USA.
There should be a global Cyber Security initiative in this regard that India and USA should lead to protect the Globe from the Chinese control of Cyber Space.
There is also a report that Micromax phones may also be vulnerable to this threat (See here). On the basis of this article,it should be possible for an investigation to be launched in India and the Company may be charged under Section 43 and Section 66 of ITA 2008. This should get more details of the “Computer Contaminant” and this “Micromax Virus” should be rooted out of India.