Barnes & Noble has joined the list of Android device vendors who sold smartphones and tablets affected by the Adups backdoor.
According to the findings of Linux Journal reporter Charles Fisher, the company’s latest tablet, the NOOK 7 (Barnes & Noble BNTV450), includes a component manufactured by the Shanghai Adups Technology Co. Ltd. Chinese company.
This firmware component’s role is to provide an over-the-air update system for other firmware installed on the device.
Malicious component stole user data and sent it to servers in China
In mid-November, security firm Kryptowire published research revealing that Adups Technology included secret functionality in this component that sent user data back to servers located in China.
Stolen information included details about call logs, SMS messages, geo-location data, a list of apps installed on the device, and more. Additionally, the Adups firmware, also included the ability to execute commands on the user’s device and even install other applications.
In December, mobile security firm Trustlook revealed that the malicious activity was introduced and activated in the Adups firmware in July 2016, and had made its way into the devices sold by 43 vendors.
Adups releases new FOTA system version, clarifies behavior
The Adups FOTA system, which was an over-the-air update system for other firmware components, has been since then rebranded as a backdoor by the infosec community.
Adups Technology issued statements clarifying that one of its clients asked for those features as a way to filter out spam text messages. Nevertheless, that version of the FOTA system made its way onto multiple devices.
Following criticism from world media and future legal inquiries from several law enforcement agencies, Adups Technology published version 5.5 of its FOTA system, which they claim has been verified by both Google and a third-party organization named Buzz Lab. In the meantime, Adups has also updated its Privacy Notice to explain better how the company handles data collected from users.
News about Adups backdoor most likely affected NOOK 7 sales
The news about the Adups backdoor being found in Barnes & Noble NOOK 7 tablets came to light just before Christmas, no doubt making a dent in the company’s holiday season sales numbers.
NOOK 7 is Barnes & Noble’s latest NOOK version, the first one to be built on MediaTek chips and using Adups Technology firmware.
The tablet is sold for $50 and is considered a low-end device, just like most of the other models that used Adups’ FOTA system.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.