Free phones – but NO privacy!


When I spotted an article in Forbes by Thomas Brewster, I was immediately intrigued. The headline is “U.S. Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware”. It surely must strike anyone reading it as a case of giving with one hand and taking away with the other. So, I had to check out what it was about.

As I live outside the USA, I was not aware that low-income households in the States have been able to get cheap cell service and even free smartphones via the U.S. government-funded Lifeline Assistance program. One provider of this service, Assurance Wireless, offers a free Android device along with free data, texts and minutes. It sounds good on the face of it.

But according to security researchers at Malwarebytes, there is a significant drawback to the distribution of this largesse. The Android phones come with preinstalled Chinese malware, which effectively opens up a backdoor onto the device and endangers the users’ private data. And the researchers say that one of the types of malware is impossible to remove.

Malwarebytes informed Assurance Wireless about the issue. Assurance is a Virgin Mobile company, just as a matter of interest. So far Malwarebytes have not received a response from the service provider. So, users should be aware that their devices are vulnerable. Interestingly, after Forbes published the article, a spokesperson for Sprint, which owns Virgin Mobile and Assurance Wireless, said: “We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause. However, after our initial testing we do not believe the applications described in the media are malware.”

The FCC, which runs Lifeline Assistance, confirmed to Forbes that the law requires “its fund not be used by partner carriers for spending on devices.”

As a result, questions are being asked. Senator Ron Wyden asked the FCC why these phones are being distributed to low-income citizens: “It is outrageous that taxpayer money may be going to companies providing insecure, malware-ridden phones to low-income families. I’ll be asking the FCC to ensure Americans that depend on Lifeline Assistance aren’t paying the price with their privacy and security.”

According to the Forbes article, the affected device is a UMX phone shipped by Assurance Wireless, and one of the bits of malware is the creation of a Chinese entity known as Adups. It basically auto-installs apps, and the user has no way of controlling that. Furthermore, Adups tools have been caught siphoning off private data in the past. This included the full body of text messages, contact lists and call histories with full telephone numbers.

All this raises the question that Thomas Brewster asks – is privacy only for the rich?

The Malware Hunter

Avoiding malware, which can invade your computer via phishing emails or malicious sites, is a common preoccupation. You only have to click on the wrong thing and your computer can end up part of a ‘botnet’ that may attack your business website or spread a virus.

But now it looks like help is on the way, albeit in a rather unusual, roundabout way. Netlab 360 has identified a type of botnet that can search for specific malware infections without harming your computer. What is more, once it has hunted down and eliminated the ‘bad botnet’, it deletes itself from your computer.

Netlab 360 engineer Hui Wang has called it ‘Fbot’, although nobody knows who created it, which is one of the interesting parts of this story. But whoever is responsible for it has basically designed a bot that does a much-needed job.

The way it works is like this, according to Jon Christian writing in futurism.com: “Fbot first infects computers that leave a specific port vulnerable to attack. Then it searches its new hosts for a piece of malware called com.ufo.miner, which uses infected computers to mine the cryptocurrency Monero — and eradicates it.”

Wang says, “So far, the only purpose of this botnet looks to be just going after and removing another botnet.” Other unusual aspects of the bot are:

· The bot does not use traditional DNS to communicate with the C2; instead, it utilises blockchain DNS to resolve the non-standard C2 name musl.lib.

· It appears to have strong links to the original Satori botnet.

Coindesk has also commented on the new discovery, saying “Unusually, the botnet code is linked to a domain name accessible, not through a standard domain name system (DNS), but a decentralized alternative called EmerDNS that makes addresses harder to trace and shut down.”

And researchers also pointed out: “The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names).”

Either way, everyone is extremely curious about who is behind the botnet — is it somebody working with good intentions, or is it a hacker trying to remove the competition? Perhaps we will never know.
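
The researchers' remark that security systems fail if they only look for traditional DNS names suggests a simple check for defenders: look for queries to the EmerDNS zones (.lib, .bazar, .coin, .emc), which do not exist in the ordinary DNS root. The sketch below is an added example, not code from Netlab 360 or the articles quoted above; the log format, client addresses and sample lines are constructed for illustration, and it assumes the queries are visible at the point where DNS is logged.

```python
import re
from collections import defaultdict

# Zones resolved through the Emercoin blockchain (EmerDNS), not the ICANN root.
EMERDNS_TLDS = {"lib", "bazar", "coin", "emc"}

# Constructed sample in a hypothetical format: time client qname qtype rcode
SAMPLE_LOG = """\
2018-09-14T02:11:07Z 10.0.4.23 www.example.com. A NOERROR
2018-09-14T02:11:09Z 10.0.4.57 musl.lib. A NXDOMAIN
2018-09-14T02:11:39Z 10.0.4.57 MUSL.LIB A NXDOMAIN
2018-09-14T02:12:01Z 10.0.4.23 lib.example.org. A NOERROR
2018-09-14T02:12:40Z 10.0.4.88 shop.bazar. AAAA SERVFAIL
malformed line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def tld_of(qname):
    """Return the lower-cased rightmost label, ignoring a trailing root dot."""
    return qname.rstrip(".").lower().split(".")[-1]


def find_emerdns_queries(log_text):
    """Map each client address to the sorted EmerDNS names it asked for."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, _qtype, _rcode = match.groups()
        # Compare the TLD only, so lib.example.org is not a false positive.
        if tld_of(qname) in EMERDNS_TLDS:
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_emerdns_queries(SAMPLE_LOG).items()):
        print(f"{client} queried EmerDNS name(s): {', '.join(names)}")
```

A hit identifies a host worth investigating rather than proving infection, since any software that uses EmerDNS will produce the same queries.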