Home Tags Shanghai

Tag: Shanghai

New Surface Pro: No USB-C port, minor design refresh revealed in...

No Surface Pro 5; it's just called Surface Pro. Unveiled in Shanghai next week.

310-mile range and 320kW: 2019’s Audi e-tron Sportback

The powertrain looks great, but we're not sure about the styling.

Renault imagines the Grand Prix car of 2027

It has 1 megawatt of power, all-wheel drive, and active suspension and aerodynamics.

New(ish) Mirai Spreader Poses New Risks

A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices.

This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.

China can help drive global progress in quantum computing

Asian country has began investing in quantum technology and is at a similar starting point with other economic powers in this field, says Shanghai-born Turing Award winner Andrew Yao.

Powerful backdoor/rootkit found preinstalled on 3 million Android phones

Enlargereader comments 37 Share this story Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday. Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks. Since BitSight and its subsidiary company Anubis Networks took possession of the two preconfigured domains, more than 2.8 million devices have attempted to connect in search of software that can be executed with unfettered "root" privileges, the researchers said. Had malicious parties obtained the addresses before BitSight did, the actors could have installed keyloggers, bugging software, and other malware that completely bypassed security protections built into the Android operating system. The almost three million devices remain vulnerable to so-called man-in-the-middle attacks because the firmware—which was developed by a Chinese company called Ragentek Group—doesn't encrypt the communications sent and received to phones and doesn't rely on code-signing to authenticate legitimate apps. Based on the IP addresses of the connecting devices, vulnerable phones hail from locations all over the world, with the US being the No. 1 affected country. "The thing that scares us is a lot of these users will be unaware of the vulnerability, and they will never get an update," BitSight CTO Stephen Boyer told Ars. "This is full system compromise. This is at the root level. [Attackers with a MitM position] can do anything." Kind of BLU In a blog post published Thursday, BitSight researchers said they went to a Best Buy store and purchased a BLU Studio G phone and were able to perform an attack that exploited the backdoor. As a result, they were able to install a file they named system_rw_test in /data/system/, a file location that's reserved for apps with all-powerful system privileges. The researchers provided the following screenshot: Enlarge BitSight Technologies By observing the data phones sent when connecting to the two previously unregistered domains, BitSight researchers have cataloged 55 known device models that are affected. The most affected manufacturer is US-based BLU Products, which accounted for about 26 percent, followed by multinational Infinix with 11 percent, Doogee with almost 8 percent, and Leagoo and Xolo with about 4 percent each. Slightly more than 47 percent of the phones that connected to the BitSight sinkhole gave no indication who their manufacturer was. A list of specific models can be found in this advisory from the Department of Homeland Security-sponsored CERT. Enlarge BitSight Technologies The IP addresses of the connecting devices were based in countries all over the world, with the US being the top one, BitSight researchers told Ars. Given the large number of connecting devices with unknown manufacturers, the list of affected devices is sure to grow in the coming weeks. People who are technically inclined can check if a phone is vulnerable by monitoring its network traffic and looking for outgoing connections to the following domains, which are hardwired into the Ragentek firmware: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com People who are concerned their phone may run the firmware may also contact the manufacturer. So far, according to both BitSight and the CERT advisory, only BLU Products has released an update that addresses the vulnerability. It's not clear if it will be installed automatically or if users must manually apply it, and BitSight researchers have not yet tested the patch to evaluate its effectiveness. BLU Products representatives didn't respond to a message seeking comment for this post. Affected or potentially affected users who don't have an update can also protect themselves by connecting only to networks they trust or by using VPN software when connecting to hotspots and other unsecured Wi-Fi networks. Rootkit functionality Little is known about the Ragentek firmware. BitSight researchers said code in the firmware goes out of its way to conceal the presence of the underlying binary file. For example, it deliberately attempts to remain excluded from the list of running processes returned by the Linux PS command. "In this case, the developer added an exception when iterating over the system processes to explicitly skip over the affected binary (“debugs”), and thus not display it in the returned results," BitSight researcher Dan Dahlberg told Ars. "In other words, the programs were modified to pretend this binary did not exist." Dahlberg said the Ragentek firmware takes similar steps to evade the top command. Despite the suspicious behavior, BitSight researchers suspect the firmware is designed to deliver legitimate over-the-air updates to phones, and they believe the backdoor capabilities were unintentional. Attempts to reach Ragentek and other manufacturers weren't successful. The disclosure from BitSight is the second time this week researchers have warned of Android phones coming preinstalled with what amounts to a backdoor. On Tuesday, researchers from security firm Kryptowire reported that hundreds of thousands of handsets sent massive amounts of personal data about the phones and their users’ activities to servers operated by China-based Shanghai AdUps Technologies, the maker of another piece of malware. Taken together, the disclosures underscore a troubling lack of testing by the affected manufacturers and the blind trust consumers place in devices that are becoming increasingly central to their lives.

Report: Android Firmware Sent Personal Data to China

Shanghai Adups Technology Co. claims the software "inadvertently" included a secret backdoor.

A number of budget Android smartphones are suspected of sending text messages to China every 72 hours.

Security firm Kryptowire, which first reported the secret backdoor on Tuesday, blamed a firmware developed by Shanghai Adups Technology Company.

The majority of monitoring activities used Adups' Firmware Over The Air (FOTA) update system, developed in response to user demand to screen out junk texts and calls from advertisers.

"Since its founding, Adups FOTA has taken customer and user privacy very seriously," the organization said in a statement published Wednesday.

But the software, according to Kryptowire, transmits sensitive personal data without disclosure or user consent.

Tech Radar released a list of affected models from Miami-based mobile manufacturer Blu. Owners of the R1 HD, Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL, or Energy Diamond are encouraged to check their phone by navigating to Settings > Apps > Menu > Show System > Wireless Update. If it is running, you're in the clear, Tech Radar said. If it reads 5.0.x to 5.3.x, however, you should contact Blu immediately.

It remains unclear how many of the handsets were sold in the US.

These devices relay information like text messages, contact lists, call history (with full telephone numbers), and unique device identifiers, Kryptowire explained. The firmware also collected details about the use of installed applications, and is able to remotely program the gadget.

Shanghai Adups, however, claims this is all a misunderstanding; a simple mistake that has since been rectified.

"In June 2016, some Blu Product, Inc. devices applied a version of the Adups FOTA application that inadvertently included the functionality of flagging junk texts and calls," the company statement said. "When Blu raised objections, Adups took immediate measures to disable that functionality on Blu phones."

It also confirmed that no information—text messages, contacts, phone logs—was disclosed, and any data received from a Blu phone during that period was deleted.

"Also, Adups has been working to further improve the privacy protections in its products. Adups sincerely apologizes to its partners and users," it continued. "We will enhance process management and work to improve transparency, and deliver high-quality products and best service to provide the best possible data security for all our customers."

Neither Google nor Blu immediately responded to PCMag's request for comment.

ZTE, meanwhile, maintains that none of its US devices "have ever had the Adups software installed on them, and will not," the mobile manufacturer told Android Headlines.

Security bods find Android phoning home. Home being China

Kryptowire uncovers firmware sending texts, contacts and everything else Security researchers have uncovered a secret backdoor in Android phones that sends almost all personally identifiable information to servers based in China. The firmware is managed by Shanghai Adups Technology, and according to the company, is contained on over 700 million phones worldwide, including phones available in the United States. Adups says that the firmware provides companies with data for customer support, but an analysis by Kryptowire revealed that the software sends the full bodies of text messages, contact lists, call history with full telephone numbers, and unique device identifiers including the International Mobile Subscriber Identity and the International Mobile Station Equipment Identity. Or, in other words, everything that you would need to keep someone under surveillance. Although Shanghai Adups is not affiliated with the Chinese government, the discovery of the firmware is being taken very seriously by US government officials: not least because the firmware does not disclose what it is doing and the firmware – spyware – comes pre-installed on new phones. On its website, Adups says its firmware is used by 400 mobile operators, semiconductor vendors, and device manufacturers, covering everything from smartphones to wearables to cars and televisions. The company has admitted that the specific software under examination was written following a request by a Chinese manufacturer, but has refused to name the company. Transmission Phones with the firmware are available for purchase online in the US, including through major retailers like Amazon and BestBuy. Kryptowire said it only discovered its existence by accident when one of its researchers bought a phone to travel with and noticed some irregular network traffic when he turned it on. Adups has not published a list of the phones its software is included in, although it is known to provide its software to the two large Chinese phone manufacturers Huawei and ZTE.

Google has apparently told the company to also remove its software from any Android phones that run its app store, Google Play. Data collection and transmission on the affected phones are handled by two system applications – com.adups.fota.sysoper and com.adups.fota – neither of which can be disabled by the user. According to Kryptowire, data transmission of text messages and call logs takes place every 72 hours, and all other personally identifiable information is sent every 24 hours. The data is sent to four servers: bigdata.adups.com bigdata.adsunflower.com bigdata.adfuture.cn bigdata.advmob.cn They all resolve to the same IP address – – which belongs to Adups. Further adding to suspicions, communication between phones and the servers included two elements that allow the data sent to be connected to a specific phone number.
In other words, rather than simply collecting data and aggregating it – something a lot of companies do (but disclose), the Adups software purposefully makes it possible to identify and track specific phones. In some respects, the Adups software is even more intrusive than the infamous Carrier IQ spyware, which was revealed in 2011 to be key-logging and transmitting data secretly.

That discovery sparked an outcry.

The technology was recently bought by AT&T. While Adups doesn't grab key logging or email address information, it does something much more worrying – enables apps to be updated and installed, and allows for remote execution and privilege escalation. As such, it would be possible for Adups to identify a specific phone, install additional spyware on it, and grant full access to the phone.
It would also be able to remove that software at a later date – ie, it would be the perfect spying tool. The specific phone that the researchers discovered the firmware on was the BLU R1 HD.

CEO of BLU Products, Samuel Ohev-Zion, said that the company was not aware of the firmware's capabilities, and that the company has now removed it. According to Adups, the software featured on the phone tested by Kryptowire was not intended to be included on phones in the United States market. ® Sponsored: Customer Identity and Access Management

Report: Backdoor access in the Blu R1 HD and other phones...

Some Blu smartphone owners got a hidden feature they weren’t quite expecting. It turned out software from a Chinese company was transmitting all of their text messages and other data to China every 72 hours.

The vulnerability was discovered by a Kryptowire, an American enterprise security firm. According to a New York Times report it wasn’t clear if the information went beyond the recipient of Shanghai Adups Technology Company, but it impacted Blu R1 HD and other phones. On its website, Adups says it builds firmware that runs on more than 700 million phones. Kryptowire concluded that the data sharing included full contexts of text messages, call logs, contact lists, location information, and other data.

There was other identifiable information, like each phone’s Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). Blu Products told the Times that 120,000 of its phones were affected, but the leak was plugged through a software update.

Blu is known primarily for low-cost phones, such as the Blu R1 HD, which recently was part of a special offered by Amazon for $50. Adups provides software for ZTE and Huawei, although it’s unclear if the scope of the data-mining effort extends to other products as well.

According to the report, Adups assured Blu that all customer information had been destroyed and was not part of any intentional effort to keep the data or send to a government agency. The purpose of saving the information, according to Adups, was to identify client junk text messages and calls.  Kryptowire shared its findings with the U.S. government, Blu, and Google. You can check out the full report for details about what it uncovered. Why this matters: The episode illustrates that data can often pass through many different companies as part of the process of creating a smartphone. While any crisis may have been averted here, it may give you pause about where you buy your next smartphone and which companies have hands in creating all of the software. This story, "Report: Backdoor access in the Blu R1 HD and other phones sent data to China" was originally published by Greenbot.

Chinese company installed secret backdoor on hundreds of thousands of phones

Enlarge / The BLU R1 HD is one of the devices that was backdoored by a Chinese software provider.Blue Products reader comments 87 Share this story Security firm Kryptowire has uncovered a backdoor in the firmware installed on low-cost Android phones, including phones from BLU Products sold online through Amazon and Best Buy.

The backdoor software, initially discovered on the BLU R1 HD, sent massive amounts of personal data about the phones and their users’ activities back to servers in China that are owned by a firmware update software provider.

The data included phone number, location data, the content of text messages, calls made, and applications installed and used. The company, Shanghai AdUps Technologies, had apparently designed the backdoor to help Chinese phone manufacturers and carriers track the behavior of their customers for advertising purposes.

AdUps claims its software runs updates for more than 700 million devices worldwide, including smartphones, tablets, and automobile entertainment systems.
It is installed on smartphones from Huawei and ZTE sold in China. A lawyer for the company told The New York Times that the data was not being collected for the Chinese government, stating, “This is a private company that made a mistake.” The backdoor was part of the commercial Firmware Over The Air (FOTA) update software installed on BLU Android devices provided as a service to BLU by AdUps.
In a report on the finding, a Kryptowire spokesperson said: These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).

The firmware could target specific users and text messages matching remotely defined keywords.

The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices...

The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information. The transmissions were discovered by Kryptowire in lab testing.

The company immediately notified Google, BLU, AdUps, and Amazon—which is the exclusive retailer of the BLU R1 HD—of its findings. The user data was sent in JavaScript Object Notation (JSON) format to a number of servers, all with the hostname bigdata: bigdata.adups.com, bigdata.adsunflower.com, bigdata.adfuture.cn, and bigdata.advmob.cn.

The data collection and transmission capability is spread across different applications and files.

Text message data (encrypted with DES, which Kryptowire researchers were able to recover the key for) and call log information were sent back every 72 hours. Other data, including location data and app use, was sent every 24 hours. A BLU spokesperson told Ars that the software backdoor affected a “limited number of BLU devices” and that the “affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.” According to The New York Times report, BLU reported about 120,000 devices were affected and patched.

Your body reveals your password by interfering with WiFi

Wave goodbye to security if crims can pop a MIMO router Modern Wi-Fi doesn't just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal. A group of researchers from the Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing the radio signal can reveal private information, using just one malicious Wi-Fi hotspot. In this paper, published by the Association of Computing Machinery, they claim covert password snooping as high as 81.7 per cent, once their system has enough training samples. It's an attack that wouldn't work if you had a primitive Wi-Fi setup with just one antenna, because it relies on the sophisticated beam-forming implemented in Multiple-Input, Multiple-Output (MIMO) antenna configurations. In a modern Wi-Fi setup, beam-forming is controlled by software that uses the small phase differences between antennas to reinforce signals in some directions, and cancel them out in other directions. That's what the researchers exploited: because the kit is designed to manage very small changes in signal, the researchers worked out the link state changes when the user's hand is moving near the phone – such as when they're using the screen input. From their paper – its obligatory cute title is When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals, where “CSI” stands for “channel state information: “WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI)”. The boffins are particularly pleased with themselves that they don't need to compromise the target: the attack is launched entirely from a malicious Wi-Fi hotspot. A picture is probably useful at this point: this shows the CSI values recorded by the attackers if a user is continuously clicking different keys or the same key. Channel state information (CSI) analysis reveals user's movements.
Image from When CSI Meets Public WiFi To force the target to send CSI to the base station, the attack sends an ICMP (Internet Control Message Protocol) request to the victim, which sends back an ICMP Reply. WindTalker only needs to gather 800 packets per second of replies to analyse the user's keystrokes. As well as the signal analysis, the Wi-Fi base station was modified with a panel antenna for better sensitivity, and the researchers wrote WindTalker's software to watch out for HTTPS sessions (since that might alert them to when the user was hitting a payments site – AliPay was chosen for this experiment). The researchers note that there's a simple way to block WindTalker: companies crafting payment apps should randomise their keypad layouts.

The attacker can still infer the finger's position – but won't know what key was pressed. ® Sponsored: Customer Identity and Access Management

Download watchOS 2.0 – 2.2.2 Information

watchOS 2.2.2 This release contains bug fixes and security updates. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/en-us/HT201222 watchOS 2.2.1 This release contains bug fixes and security updates. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/en-us/HT201222 watchOS 2.2 This update includes support for pairing multiple watches to one iPhone, Maps improvements and new language support.

This release also includes additional improvements and bug fixes.     •    Adds support for pairing multiple Apple Watches to one iPhone    •    Adds Nearby in Maps to browse for places around you by category, including Food, Shopping, and more    •    Adds support for system language in Catalan, Croatian, Slovak, Romanian, and Ukrainian    •    Adds support for dictation in Catalan, Croatian, Slovak, Romanian, Ukrainian, and English (Saudi Arabia, UAE, and Indonesia)    •    Adds support for Siri in Malay, Finnish, and Hebrew    •    Increases frequency of background heart rate measurements when you are stationary For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222 watchOS 2.1 This update includes new language support and bug fixes. Adds support for system language in Arabic, Czech, Greek, Hebrew, Hungarian, Malay, Portuguese (Portugal), and Vietnamese Adds support for Right-to-Left user interface Adds ability to switch between Latin and Hindi numerals for Arabic Adds a new complication for Islamic and Hebrew Calendars Adds support for Siri and dictation in Arabic (Saudi Arabia, United Arab Emirates) Adds support for dictation in English (Malaysia), Czech, Greek, Hebrew, Hungarian, Portuguese (Portugal), and Vietnamese Resolves an issue that could prevent events from updating in the Calendar complication Fixes an issue that could prevent the time from displaying in Power Reserve mode Addresses issues that could prevent third party apps from launching Fixes an issue that could prevent third-party app icons from displaying correctly Fixes an issue that could cause instability when changing the system language For information on the security content of this update, please visit this website: watchOS 2.0.1 This update contains new emoji characters, performance improvements, and bug fixes, including: Fixes an issue that could cause software updates to stall Fixes issues that were impacting battery performance Resolves an issue that prevented a managed iPhone from syncing iOS Calendar events to Apple Watch Addresses an issue that could prevent location information from properly updating Fixes an issue that could cause Digital Touch to send from an email address instead of a phone number Addresses an issue that could cause instability when using a Live Photo as a watch face Resolves an issue that allows the sensors to stay on indefinitely when using Siri to measure heart rate For information on the security content of this update, please visit this website: watchOS  2.0 This update contains new features and capabilities for users and developers, including the following: New watch faces and timekeeping features Time-lapse videos of Hong Kong, London, Mack Lake, New York, Shanghai, and Paris Photo and Photo Album so you can see your favorite images every time you raise your wrist, including support for Live Photos Time Travel with the Digital Crown to see what’s coming in the future or what’s happened in the past Nightstand Mode so your Watch can be used as a bedside alarm clock 9 new colors to customize your watch face, and a new multicolor Modular face Support for third-party apps to create complications Siri improvements Start a specific workout, get transit directions, or ask to see a glance Support for FaceTime audio calling and replying to email Support for HomeKit to control supported devices in your home using Siri New support for Austria, Belgium (French and Dutch), and Norway Activity and Workout improvements Workouts from third party apps on the Watch can be included in your Activity rings Activity rings, workouts, and achievements can be shared from the Activity app on iPhone Interactive achievements On-demand weekly summary Mute Activity notifications for one day Workouts saved automatically Apple Pay and Wallet improvements Support for Discover cards Support for rewards cards and store credit and debit cards Add passes to Wallet directly from third party apps on your Watch Friends and Digital Touch improvements Add more than 12 Friends directly from Apple Watch Multiple Friends’ groups that you can name Send sketches using multiple colors New options for animated emoji Maps improvements Transit view, showing transit lines, stations and intermodal connections in select major cities View the list of directions for your current route View station placards with departure information Music improvements New Beats 1 button to start playing the 24/7 radio station New Quick Play button to play a variety of songs from Apple Music Reply to emails using dictation, emoji, or smart replies customized specifically for email Make and receive calls using FaceTime audio Support for Wi-Fi calling without iPhone in proximity on participating carriers Activation Lock prevents anyone from activating your Apple Watch without your Apple ID and password New developer capabilities including Native SDK to build faster and more powerful apps running natively on Apple Watch Access to accelerometer to more granularly track your motion Access to heart rate sensor for use during a workout Access to microphone and speaker to record and play audio Access to the Taptic Engine with 8 different types of Haptic feedback Access to the Digital Crown for more precise controls Ability to play video directly on Apple Watch Support for running apps without iPhone in proximity, including access to networking capabilities when connected to known Wi-Fi networks Complications on the watch face Workouts from apps can be counted towards Activity rings Workouts from apps can be included in Activity app on iPhone New support for system language in English (India), Finnish, Indonesian, Norwegian, and Polish New support for dictation in Dutch (Belgium), English (Ireland, Philippines, South Africa), French (Belgium), German (Austria), Spanish (Chile, Colombia) New support for smart replies in Traditional Chinese (Hong Kong, Taiwan), Danish, Dutch, English (New Zealand, Singapore), Japanese, Korean, Swedish, Thai Some features may not be available for all countries or all areas.For information on the security content of this update, please visit this website:http://support.apple.com/kb/HT1222