Researchers at Malwarebytes recently revealed that a United States Government-funded smartphone comes pre-installed with malware. According to the report, the malware cannot be removed without making the phone useless.
The smartphone, known as UMX U683CL, was distributed during
an assurance program held by Virgin Mobile. The program was established in 1985
via the Federal Lifeline Assisted Program (FCC). And the goal of the program is
to make mobile and communication services more affordable to low-income users.
UMX U683CL is only sold at about $35 with some features that show it is probably worth more than that. The smartphone features Android Go, 2000 mAh battery, 5-inch 480p, 1GB of RAM, and a Qualcomm Snapdragon 210.
The offer of such features at such a price is certainly better than what anyone would get in the actual market. But, based on the researchers’ findings, the low-cost offering probably comes with the price of security and safety. The researchers have discovered not only one, but two instances where malware was pre-installed on the smartphone.
The first instance of malware is less serious than the
second. According to the researchers, it identifies itself as a “wireless
update.” The feature is used to update the smartphone, but it can automatically
install apps in the background without the consent of the user. The researchers
called this malware Adups.
The second is, the more serious of the two. It is part of
the phone’s application and has been completely obfuscated. The second malware
has been preinstalled as part of the application settings on the phone. To
remove it, you are likely going to render the phone useless.
Malwarebyte researchers found out that the malware has a close
resemblance to other Trojan malware from China. The codes and service names are
similar to the names of some malware that originated from China.
Also, the malware shares a hidden library with the Chinese Trojan . The overwhelming evidence the researchers discovered showed that the pre-installed malware on smartphones came from China.
The second malware shows itself as “Full,” without any
further information. However, users are not able to uninstall to delete it
because it came pre-installed with the phone’s applications.
The Malwarebytes researchers have already informed Assurance Wireless on their findings. The researchers sought to know why a malware-installed phone was used in a program funded by the U.S. government.
As at the time of writing, the researchers have not received any response yet from Assurance Wireless. It has made matters worse, as the researchers are increasingly getting convinced that some persons may have been aware of this situation before now.
It’s even disheartening that a smartphone intended for lower-income consumers have been compromised to deny the set of consumers their right to privacy. According to the researchers, the budget shouldn’t be a factor that would be used to determine a consumer’s rights and privacy.
Malwarebytes noted that the user of such a compromised phone is completely pinned, as there is no way they could go around the situation. If they decide to continue using the phone, their privacy and security would be at risk. However, if they decide to delete the virus, the phone would no longer be useful. They shouldn’t even have to choose between not having a usable phone, or having a malware.
Malwarebytes could not verify whether UMX purposely
pre-installed the malware. They also reiterated that although the device and
the malware have been traced to China, it’s unclear whether those that
installed them are from China. According to the researchers, it could be a
coincidence that a Chinese company produced the device while the malware also
has a Chinese root.
Malwarebytes also reported that there had been other
low-budget devices with similar malware issues like this one. They pointed out
that there are many low-budget smartphones with pre-installed malware. Some of
the consumers are not aware that their privacy has been compromised when they
start using such phones.
dumps-shopcc feshop-dumpscc