bnn.lv Latviski   bnn-news.com English   bnn-news.ru По-русски
Sunday 11.12.2016 | Name days: Valdis, Voldemārs, Valdemārs
LatviaLatvia

Chinese devices secretly send user data to servers in China

FaceBook
Twitter
Draugiem
print
(No Ratings Yet)

Baltic news, News from Latvia, BNN.LV, BNN-NEWS.COM, BNN-NEWS.RUAn American IT security company recently published shocking news about phones manufactured in China. Cheap and relatively reliable devices send sensitive user data to servers in China every three days. Data flow to China has also been noticed in Latvia recently.

CERT.LV has noticed connections to Chinese servers from eight state institutions networks. CERT.LV has identified multiple infected devices responsible for backdoor access leaks. Work is being done to determine what kind of information was leaked to the east, Nekā personīga programme of TV3 reports.

Since last week, Chinese phones are no longer popular in USA. IT security firm specialists have found that 50 dollar phones begin secretly transferring text messages, contact data and call records to servers in China after 72 hours of being active. Owners are not informed of this data leak and there is no way to turn it off.

BLU products are sold to twenty thousand clients. Their products are programmed by Chinese Shanghai Adups Technology, the same company that produced software for devices used by seven hundred million people. This includes e-cars and Huawei phones sold in Latvia.

The company explains that the spying function is intended for marketing purposes, so that mobile phone manufacturer can better study users’ habits. American authorities are currently looking into the matter, concerned that this incident may be hiding attempts by the Chinese government to spy on other countries.

After this incident in USA, Latvian IT security firm CERT began paying more attention to the situation in Latvia. Experts found that shady Chinese servers may have received information from phones owned by Latvian state officials.

«Having performed an inspection, we have noticed there have been several hundred connection cases from multiple Latvian state institutions to Chinese servers. It is too soon to say if those are the same phones, as their popularity in Latvia is not high at all. Perhaps this is because Latvian officials had procured devices elsewhere and then brought them to Latvia. Maybe this is related to installed applications we know nothing about,» – comments CERT.LV deputy manager Varis Teivans.

Experts have noticed that the devices that have been contacting servers in China are specifically phones. Several of them have been found and have been handed over to CERT. The organization does not reveal which institutions have experienced data leaks. There is also no information regarding the purpose behind gathering of user data. «This entire story involved a number of different companies engaged in marketing, quality improvements and software development. One of those companies maintains servers. We don’t know how this information will be used,» – said Teivans.

Phones are not the only device that can be used to spy on people. CERT as a state institution has noticed many surveillance cameras in which manufacturers included options for third party access. An unspecified state institution installed several hundred cameras. They were manufactured by Chinese company Milesight. It is a serious company with a presence on the American market.

CERT.LV regularly organizes CyberChess event for IT security experts. During this event, IT technology experts try to hack devices chosen by organizers. «We thought it would be interesting to do something with security cameras. It is a very acute topic. People often set them up in their homes and companies. So I decided to come up with ways to make experts interested in finding ways to hack them. I thought about adding an artificial loophole,» – said IT security expert Kirils Solovjovs.

As it turned, however, the manufacturer had already installed something of the sort. A number of security weaknesses had been found in the test camera. Skilled hackers could easily exploit them. Experts found at least five vulnerabilities – five different potential backdoor access points. At least two of them provided complete control over the device. Those vulnerabilities have been fixed since the last CyberChess event. However, it was hard to force the manufacturer to do it.

China manufactures the lion’s share of the world’s electronic devices and their components. It is one of the leaders in software development as well. This scandal with spy-phones is not the only one that suggests China’s attempts to gather user data by using devices. The Pentagon had reported earlier in October that Lenovo computers produced in China have built-in spying software.

Former secretary to the National Security Council and deputy chief of the Constitution Protection Bureau Gundars Zalkalns allows that the Chinese government may have ties to spying devices.

Experts are certain that Latvia is not a target for China’s spying efforts. It is more likely those devices had ended up in the country with no such intent. It is far more likely those devices are intended to be realized in other, much larger economies. Defence Ministry’s state secretary Janis Garisons is confident the IT security situation in the country’s government sector is not bad. The situation is, however, problematic for the private sector, where people often try to save money on anti-virus software or procure cheaper phones and tablets. This only puts them, their business partners and the country at risk.

Ref: 102.109.109.5789


Leave a reply

Week in Lithuania. Putin in fury over blacklisting Russian Constitutional Court judges

Lithuania has ban entry to judges of the Russian Constitutional Court over decisions that legalized the annexation of Crimea. The Lithuanian decision drew an indignant reaction from Russian President Vladimir Putin.

Piebalgs: current plans contradict original promises made by Kucinskis’ party

Finance Minister Dana Reizniece-Ozola from the Union of Greens and Farmers intentionally reports false information and misleads society by claiming that the decision regarding establishment of minimal social fees was the responsibility of the previous governments, says Unity chairman Andris Piebalgs.

Ratas tells Vejonis about plans of new Estonian government

«The new Estonian government will continue the previous government’s priorities in foreign and security policy, strengthening cooperation between the European Union and NATO,» – said the new Estonian Prime Minister Jüri Ratas during his meeting with Latvian President Raimonds Vejonis.

Estonian members of parliament recalled from state firm supervisory boards

Estonian Minister of Economic Affairs and Infrastructure Kadri Simson and Minister of Entrepreneurship and IT Urve Palo stated on December 9 that they recall all members of parliament, who also work in state company supervisory boards.

Avian influenza comes close to Baltics; FVS urges residents to be careful

H5N8 virus – a highly pathogenic form of avian influenza – continues spreading in Europe. Although so far it has been found in wild waterfowl in Sweden and Finland, there is currently no reason for concern in Latvia, says Food and Veterinary Service.

Estonian PM’s party defends co-operation protocol with United Russia

Estonia’s ruling Centre Party «does not dare» stepping out of its co-operation protocol with United Russia, the party represented by Russia’s current political elite, stated deputy chairperson of the centrists and Estonian Education and Research Minister Mailis Reps on December 8.

Baltic parliamentarians receive U.S. support for regional security

«The main message received from U.S. senators is that Latvia, Lithuania and Estonia have no reasons to worry about non-compliance with NATO obligations from their allies,» – notes Saeima Foreign Affairs Committee’s chairman Ojars Eriks Kalnins.

Norwegian guilty of sex abuse of 62 minors via Skype

Norwegian court convicted on December 8 a 66-year-old man with a prison sentence of eight years over child sex abuse in Skype internet communication programme.

Snow to return in Latvia at the end of the week

Maximum air temperature will remain within +4° C… +7° C in Latvia on Friday, 9 December. Rain is expected in many parts of Latvia. Nevertheless, much colder masses of air will flow into Latvia on the night to Saturday.

European Central Bank to continue quantitative easing for longer than planned

The European Central Bank has on December 8 stated that it would continue its quantitative easing programme no less than until December 2017 and would buy bonds for a smaller sum - 20 billion euros a month.

Lithuania lags big behind Estonia in OECD global education rating

Several Lithuanian universities and colleges offer identical or similar study programmes, but the graduates end up being on different rungs of the ladder after the graduation, career opportunities-wise and in terms of the wage.

Nordea: Baltics should not expect a «walk in the park»

The austerity policy realized in Baltics during the crisis has resulted in some of the lowest budget deficit and debt levels in the European Union. However, Baltics are part of the six EU member states, which includes Luxembourg, Denmark and Slovakia, that are able to fulfil all Maastricht criteria.

Average consumer price level in Latvia up 1.2%

Compared to November 2015, the average level of consumer prices increased by 1.3 % in November 2016. Prices of goods grew by 0.6 % and prices of services by 2.9 %.

Swedbank: transit industry’s losses will remain in the future

All economies of the Baltic Sea region – including Russia, where recession ended this year – are growing. This growth, however, is modest. Brexit and outcome of elections in USA show that populism is gradually becoming a normal occurrence in the world, according to Swedbank’s latest Baltic Sea report.

Finnish post denies having «lost» 10,000 newspapers

An unusual event has become one of Finland’s top media stories on December 7 – national postal service Posti is blamed for «losing» the latest release of social-democratic weekly Demokraatti in its entirety.

Latvijas Gāze to receive 35 million euro loan from OP Corporate Bank

This week, 6 December, OP Corporate Bank plc commenced cooperation with Latvijas Gāze in relation to the provision of a loan worth EUR 35 million. The bank acquired rights to provide the loan by winning in Latvijas Gāze tender for re-financing of capital investments.

Newly-elect Austrian President – Estonian «refugee child»

The mother of Alexander Van der Bellen, who received most votes in the Austrian presidential election on December 4, was Estonian and his parents fled the Baltic country in 1940.

More expensive alcohol and fuel causes price rise in Estonia

Over the past year, a small consumer price increase has been registered in Estonia – from November 2015 to November 2016 the country’s consumer price index has risen by a percent. Statisticians evaluate that the key factors behind it have been more expensive fuel, alcohol and tobacco.

Politicians urge finance minister to step down because of deputy quotas

Because of unwillingness to act, the state plans to cancel the introduction of mandatory social fees and increase micro-enterprise tax from 9% to 15%, states political party For Latvia’s Development. In addition, because of the irresponsible behaviour and lack of proper organization of important tasks, the party expresses distrust to Finance Minister Dana Reizniece-Ozola, asking her to step down.

Lembergs to continue testifying in his criminal case

On Thursday, 8 December, Riga Regional Court will continue viewing the criminal case launched against Aivars Lembergs.

Apple explains iPhone «fires» pointing to external factors

Reacting to reports that a number of iPhone users has have experienced battery «fires», U.S. tech giant Apple has this week blamed external factors, not the parts of the device for the accidents.

Prohibition to serve abroad and other decisions viewed by the Saeima this week

On Thursday, 8 December, the Saeima will decide on amendments to the National Security Law aimed at prohibiting Latvian citizens and non-citizens from serving in foreign army, police and security institutions. Changes are necessary to reduce the possible security risks related to military service in third countries.

Stake of Russian oil giant to be sold for billions

Russian government stated on December 7 that British commodities trader Glencore and Qatar's sovereign wealth fund are jointly acquiring a 19.5% stake in Rosneft, Russia's largest oil firm.

This year marked a surge in corporate lending in Latvia

In the first three quarters of 2016, Latvian enterprises were provided with bank loans for a total amount of 1.4 billion euros, which is 40% more when compared with the first nine months of 2015, according to estimates from the Latvian Association of Commercial Banks and Finance and Capital Market Commission.

EU auditors don’t know, where billions allocated to Ukraine were spent

The European Union over the recent years transferred billions of euros to Ukraine, for the most part as direct budget support and yet EU’s European Court of Auditors stated on December 6 it was unable to say how the money was spent.

Newest comments