“A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores,” reports the Record:

In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. ValdikSS, who set up a local 2G base station in order to intercept the phones’ communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser…

All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia.

But who’s responsible, the article ultimately asks. The third party supplying the firmware? The parties shipping the phones? The vendors selling the phone without detecting its malware? Or the government agencies lacking a mechanism for collecting reports of malware…


Source: Slashdot