Sprint Sold Phone With Chinese Malware, Cybersecurity Firm Claims



According to cybersecurity firm Malwarebytes, one of Sprint's prepaid brands sold a phone that carried not one but two pre-installed, malicious applications developed in China. And if that isn't bad enough, Sprint used subsidies from the US government to sell the phone to low-income Americans.

Sprint, however, disputes the allegations. "We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware," the operator said in a statement to Light Reading, without providing details.

As noted in his lengthy post on the topic, Malwarebytes' security researcher Nathan Collier said he purchased the Unimax U686CL Android smartphone from Sprint's Assurance Wireless brand. The brand, run by Sprint as a subset of its soon-to-be-discontinued Virgin Mobile prepaid brand, receives subsidies from the US government's Lifeline program, which is designed to help low-income Americans on programs like food stamps get access telecommunications services.

The U686CL is not listed under Assurance Wireless's supported phones, but the brand does offer other phones from well-known Chinese brands, including ZTE and Coolpad.

Malwarebytes' Collier said that two of the Android applications on the Unimax phone -- applications that were already installed in the phone when he purchased it from Sprint's Assurance Wireless -- closely resemble malware from China.

Specifically, the "Wireless Update" Android application on the phone is intended to provide updates to the Android operating system, but Collier wrote that "it is also capable of auto-installing apps without user consent."

"The app is actually a variant of Adups, a China-based company caught collecting user data, creating backdoors for mobile devices and, yes, developing auto-installers," Collier wrote.

The other potentially malicious app is the device's own Settings function.

Collier noted the code in the phone's Settings app appeared to contain heavily obfuscated malware that originated in China and is designed to retrieve advertising malware called HiddenAds. Collier said that Malwarebytes was not able to get the Settings app to access the additional advertising malware, but that "our users have reported that indeed a variant of HiddenAds suddenly installs on their UMX mobile device."

What this means
Given that Sprint disputes Malwarebytes' findings, it's difficult to assess exactly what's going on here.

That said, the news certainly hits on some hot topics in the telecommunications industry, the wider technology sector and the global geopolitical landscape in general. That's because the Trump administration is locked in a bitter trade war with China, and is also embarking on a campaign to block China's Huawei from the global 5G market. US officials argue that Huawei's telecommunications equipment -- including its phones and its networking gear -- can be used by the Chinese government for espionage. Huawei has loudly disputed that allegation.

What is clear though is that as the world becomes increasingly digitized, hacks and cyber attacks are becoming increasingly common from both private and state-sponsored sources. And this situation will continue to drive attention in cybersecurity on individual, corporate and national levels.

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved.
Privacy Policy | Cookie Policy | Terms of Use