Spyware subsidizes high-end Android phone

Summary: We're all used to crapware subsidizing Windows PCs. Now firmware-based spyware is subsidizing Android phones. Here's what to look for.

Just when you thought Android security couldn't get worse, it did. German security vendor G Data discovered a high-end Android phone - the Star S9500, also sold under other names - with factory-installed spyware burned into firmware.

Disguised as the Google Play Store, the spyware runs in the background and is undetectable by users. It covertly sends data to a server in China and can install new applications.

Great specs 

But at least you're getting a lot of phone for your money: capacitive 5" HD IPS touch screen; quad-core processor; 1GB RAM; 8MP camera; Android 4.2; dual-SIM card support; second battery; car charger; and a second cover. All for as low as $135 online with no contract.

Who could ask for more? Especially since the Samsung S5's manufacturing cost is estimated to be over $250.

And feast your eyes on the could-be-mistaken-for-an-iPhone styling:

[Image: Star S9500. Source: Star]


G Data says this about the spyware:

. . . the firmware contained the Trojan Android.Trojan.Uupay.D, disguised as the Google Play Store. The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly. The program also blocks the installation of security updates.

Ebay has taken the phone off their site, but if you hurry you can still get it on Amazon.

The Storage Bits take
Expect to see this gambit repeated on other phones. There's a couple of billion naive people who'd like a nice smartphone and can't afford a name brand.

The obvious flaw in the S9500 strategy is the price: it's suspiciously low. That's a very easy problem to fix.

The longer-term problem is that criminals will try to alter the firmware in brand name phones which, after all, are all manufactured in China. Folks who poison baby formula for profit can't be underestimated.

Bottom line: You get what you pay for. If it seems too good to be true, it probably is.

Comments welcome, as always. Are smartphones overpriced?

Topics: Mobility, Android, Hardware, Malware, Smartphones, Storage

About

Harris has been working with computers for over 35 years and selling and marketing data storage for over 30 in companies large and small. He introduced a couple of multi-billion dollar storage products (DLT, the first Fibre Channel array) to market, as well as many smaller ones. Earlier he spent 10 years marketing servers and networks.
