All spies would need to do is send a special text message and they will be able to gain access to the camera and its microphones, the BBC reported Snowden as saying. The tool will stop people from recognising that the phone has been tampered with if it is taken in for a service, for instance. You paid for it [the phone] but whoever controls the software owns the phone.
How do I generate a list like this? Login to android shell using adb. More specifically: adb shell pm list packages You can sort it alphabetically by piping it through the "sort" command, like this: adb shell "pm list packages | sort". It's also really hard to read your writing when what should be an entire paragraph is one sentence. Please don't assume this is a one-time event, or that it is specific to this brand or even to Chinese manufacturers. Nokia could actually be in the best half on that aspect, just got unlucky.
Most of such info leaks are hidden. I've already witnessed several OEM firmwares sending information to many different parties. Too often, this is done through http, with payload encrypted. But it's always symmetrical encryption, and the encryption key can be computed from the fields in clear in the request.
Such techniques are enough to stay under the radar of classic MITM, and require hard reverse engineering work to detect. I've noticed such behaviours on major Chinese OEMs, and white-label brands. I never did actual reverse engineering on more western-ish brands, but the little I've seen doesn't look good. If you're worried about this situation (I do), I recommend you start lobbying about mandatory bootloader unlock, and easier OS replacement on smartphones. Personally my work in this ecosystem is to make the Phh-Treble ROM, which is most likely the Android ROM with the largest hardware support (even though it requires the phone to be natively running Android 8 at least), and it is opensource.
Why is there such a permission in the first place? Google Play and F-droid require it in order to update apps automatically. Essentially, you give one app a permission to install other apps. Whether it notifies you or not, it's up to the app. As mentioned, there are updates, but then you could have an upgrade-specific permission (there isn't one). But even when simply installing, check the workflow that the play store currently has: When you click "install" in the play store, you don't really want interactions far in the future about it.
So the apps' permissions are asked right away. Without this silent install permission, you would have a pop-up at the end of the download (which can be between few seconds after clicking "install" to several hours if you're unlucky and downloading a big app), asking you to confirm the installation. I have Kindle installed and recently installed audible - after installing audible, I noticed I got Prime Video (haven't been a subscriber for a while). Digital Turbine. This has to be fixed by HMD and I hope for an official investigation as most other manufacturers are probably doing the same.
In the meantime, I recommend the following: 1. This should be fixed at an even higher level, and have Google force manufacturers to not add or alter the base OS for any data-gathering reasons in Android One and deny them from using the Android One brand if they do, or people will lose faith about the Android One program. UncleEntity 7 months ago. That, my friend, would be abusing their monopoly position. Google hoovers up all the data and tells their partners they can't do this too?
The antitrust regulators would have a field day. Of course there is almost guaranteed to be other spyware on the phone serving the curiosity of the same and different masters, like Google. Google should revoke their use of the AndroidOne trademark over these shenanigans. Thank you for linking Shelter, I had no idea that was possible and that easy software for it existed! You suggest installing userspace apps to control system software that might run in a privileged context. NoRoot Firewall, for example, doesn't control iptables, it just pretends to be a VPN server and privileged software, I assume, can bypass it.
Yes, I'm fully aware of this. There's also the problem of having a closed source baseband processor in pretty much every device. But bypassing these mechanisms is a decision they had to make. If they're just lazy or incompetent, these userspace apps should be sufficient as a mitigation. According to the explanation about permissions within NoRoot Firewall itself, any app with the 'Internet' permission can create connections to bypass the VPN.
All of the Android One mobiles appear on the top list of their Android One microsite and I'm sure most of them contain malware built-in. Yeah, Android One is a bit of a joke really. I got a Nokia 7 Plus on the promise that it would have fast updates, be bug free, and not contain any OEM modifications.
None of those have really been true. Admittedly, updates are still a bit faster than the likes of Samsung and other big OEMs, but the process has shown that it's not as simple as Google rolling out the updates. OEMs still make changes to it, and it still seems dependent on carriers pushing through the changes - despite buying a SIM free phone, I waited 2 months longer for updates, which seemed to be the case with everyone on the same network in the UK.
It's far from bug free, with a few updates in the last few months introducing new bugs. Again, it shows that this isn't an update coming directly from Google, it is at least in some part developed and tweaked by OEMs. They also introduced their own battery optimisation software a few months ago, which massively changed how the phone handled multitasking and background applications (effectively, it killed them all).
And then this news that they're sending unencrypted identifiable information to a third party? These things shouldn't be possible if Android One did what it claimed. I avoid OEMs like Samsung because of all the bloat and junk that they add on top of Android, but Android One is clearly not a solution to that. I would still prefer it in theory in the alternatives, but I'll do more research next time - if a company doesn't have a proven track record, then Android One isn't going to solve that.
One minor point - Nokia the company isn't involved in the Nokia Android phones. HMD is just a small company that licenses the brand. Admittedly, a small company that was founded by ex-Nokia folk and based across the road from Nokia's HQ, but it's evidently not a company with Nokia's resources or much of their expertise. After installing the security updates, WiFi only works once after a reboot, the moment you disable it, you have to either sludge forward with modem speeds on 2. Only common thing with these "fixes" is the reboot; so far it is the only thing that will fix the WiFi but turn it off once and you're boned.
Similar issues are noticeable with the WiFi AP: first try after boot works just fine, next one you have to try to force 2. After this, you are very likely in need of a reboot as the AP will not show up. After this breach of privacy and data security, along with the WiFi issues, I'm slowly starting to lean towards filing a complaint to either HMD or the local customer protection agency here. Worst of all, the support forum topics I've checked somewhat regularly on have no official replies from HMD or Nokia, only second-hand information from people who have been in touch with support.
This really stings. I purposefully chose a Nokia for exactly these reasons - Android One and European. Not sure whether it is public knowledge where they buy the SW from. Of course the Google part is known, but I assume the application reported here is not from Google. HMD is just license holding company with nothing but lots of managers as employees. All of their software development is outsourced to Finnish and foreign companies. I know some of those people in Finland who worked in these outsourcing companies, but they just worked on the more high level components like Android apps etc.
Not with bootloaders or OS images. The firmware for my 7 Plus is littered with packages named "com. ChrisSD 7 months ago.
You're right. My Android One Nokia 7. There's no docs on any of them as far as I can tell so you can only guess from the name what they do. I only did it as a test so I might have missed something. Also I'm in the UK, if that makes a difference. I've got a Nokia 8 also bought in the UK with the Evenwell system apps as well, and I haven't noticed any unusual domains in my Pi-hole logs at home.
I wonder if it's only specific country builds that display this behaviour? In addition to this, your carrier can't distinguish legitimate traffic generated by you from malicious traffic generated by these applications. How can I check it? You have the problematic application: com. This was through a legit high-street UK retailer so not grey-import or anything.
I installed NoRoot Firewall as suggested in another comment here. So far NoRoot Firewall has not detected any activity from anything unusual running in the background either idle, screen-on, or charging.
What was weird though was that if I open the Nokia camera app, it tries to talk to edge-star-shvlhr-facebook. I believe this is due to the facebook live-broadcasting feature built into the Nokia camera app, although I have not got it logged in so not sure why it is phoning home just when I open the app. I'll keep running for a few more days (I can't use my usual VPN at the same time as NoRoot Firewall so don't want to run indefinitely) and update if anything else happens. Very nice of the Chinese military to choose a.
A phone with most of it components bought from China and in one of the many configurations just copied from the supplier's examples there was an URL which was supposed to be changed but didn't. In other words - a non-story or at most a story about quality issues at the reborn Nokia. But luckily the URL pointed to China I don't really think this is because of racism; I mostly just think it is because we are idiots that prefer big hyperboles rather than simple explanations of non-issues.
It's more than just that; the Android build comes littered with software from an unscrupulous source, even on phones that are supposed to be close to a clean version of Android. Why do you assume they (the presumably Chinese provider of the component) are unscrupulous? To me it is obvious that it is Nokia that is sloppy and having quality issues.
Why do you assume it's simply laziness? Regardless, it's not good. Why is there a Chinese flag in the article and not a Finnish flag? Because it gives more attention. The real story here is that the venerable brand of Nokia now is being used to sell sub-quality phones. Because the service and server in question are in China? Look I understand being skeptical of the narrative, but that's where the data was going. Nokia isn't being shielded in the article. Comments like this are a bannable offense on HN. Three ways actually: nationalistic flamewar, personal attack, and insinuation of astroturfing.
Please don't do any of these here again. I agree with your assessment that this was likely unintentional, although it doesn't seem like they forgot to change the URL, but rather that the whole component should have been disabled. My Chinese is unfortunately not good enough to easily find information on it. I don't speak Chinese. And you are right; it looks like something specific to China Telecom that should be completely removed. It is kind of ironic for me to think my perception of Android as same as Windows as major malware distributor despite it is based on Linux.
Android is now fast becoming Windows XP of mobile. My Android phone came with a weather app preinstalled. The app cannot be uninstalled, is full of translation errors and some links redirect to Chinese websites. Who knows what data my phone constantly sends there? Adding to that the fact that I don't receive system updates anymore, I have absolutely no trust in my phone.
My next phone will be an iPhone, for the lack of better alternative. I don't have a previous experience so my reasoning was "well it's Samsung, at worst they'll have some shitty branded apps and some cruft". But I don't have an idea what these dozens of preinstalled apps running on my phone doing. Almost none of them can be uninstalled and only a handful can be disabled. It is kind of scary to use a banking app on this thing. Never felt this way on an iPhone. I wanted to see the Android side after years of iPhone use, apparently it is still shit. This is exactly why I am back on iPhone.
I have had enough of unremovable shitware.
I also value the simplicity of getting basic things done such as Bluetooth pairing. Stuff seems easier. The only thing slightly worse on iPhone is google 2fa, because it needs to use the gmail app. Not the GMail one. Not the original poster, but yes you're right. I use k9 mail and open keychain on android. What would be the equivalent on iPhone? My wife, who is not a tech person at all, flatly refuses to run any banking or financial apps on her Android phone.
She knows just enough about the technology to know that most Android devices are cesspools of spyware and malware, even her Galaxy phone. She doesn't like iPhones though, so I doubt she will ever go over to that side even for security's sake. Please have her order a Librem 5 for banking etc! No thank you, I lost faith in Purism after they continually misled their customers about the Librem 15 laptop. EvangelicalPig 7 months ago. To be fair, they did get Coreboot working after about 2 years from the time of that post but it's still not ideal, compared to an older Libreboot based system, performance notwithstanding.
They did, but they never once apologized or admitted they misled customers about the laptop launching with Coreboot working and ME removed (in fact their initial promise was that they somehow got Intel to make a ME-free chipset "just for them" which was a flat out lie). Lie to me and I'm done with you, especially over something as important as privacy and freedom.
It may now be closer to what they originally promised, but I no longer trust them. That's fair, and even "I" as a "partial supporter" think they need to tune down the marketing machine a bit. It's a shame because they're really the only company doing what they're doing a fighting a chance at open source as possible and secure hardware. Ever try the phones from Google with pretty much nothing pre-installed? It is a much better experience, but yes Android is still proper shit in some ways. In others it has come so far. I never have to restart my phone like I had to for my Galaxy S1 every day.
I got a nokia because it's as close to pure android without a super expensive google phone and here we are I used to have Nokia Windows Phones and they were excellent I wonder if this was still going on back then? Give it time. I have a s8 I'm not using out of creep factor. Switched to a phone that supports lineageOS. Yizahi 7 months ago.
Oneplus preinstalled weather app doesn't work at all without access to my contacts and to device storage media. I'm also more and more thinking about switching to Apple, and paying premium for no hardware advantage, only due to fact that Apple collects and sells less information about me.
Not because it will change anything substantially but on principle.
More modifications by vendors and manufacturers, more preinstalled malware and bloatware, less customizations allowed. At least it's easy to take control of a PC and modify what you want including completely install a clean OS I did some research on zzhc. There is plenty of documentation in Chinese on how to implement it e. That makes it likely that sending the data was only due to a misconfiguration. Considering the long list of manufacturers starting at page 10 of , it's also possible that others are leaking data in the same way. But didn't get deleted when they are making EU variants.
Thanks for the links. Actually, I had seen one of those articles before, but didn't understand it well enough. My understanding now is that some 4G deployments are subsidized, and to correctly compute the amounts to be paid, China Telecom needs to collect more data than is usually available, so they came up with the idea of sending the data to zzhc.
Still pretty hacky, but it kind of makes sense from a perspective of doing the minimum necessary to fulfill the requirements. HenryBemis 7 months ago. This will catch anything running over the OS but I feel it wouldn't catch any rootkit. What information is missing in the article is "which app is leaking the data"? On all rooted android phones you can advise on uninstall xyz and be done with it. Then you can take screenshots and make a nice post in your blog. Unfortunately I don't own a Nokia 7 to do this myself.
Edit: just notice that autocorrect changed my: "adb pm uninstall XYZ". This is pretty damning. The fact that HMD don't come clean and admit they were required to load this software in order to sell to the Chinese market is a little odd. Maybe the Chinese require companies not to admit the backdoors they place. I think and assume part of the process, some Nokia Phones which were only meant to be sold in China, or Software that were only meant to be installed in China's version of Nokia got muddled up into International version. If you have been following the Nokia's Android phone, you will know they have always been launching new phones in China first before making slight update or shipping exactly the same one to International Market.
So it could happen this is part of the logistics and Supply Chain misstep. I am giving Nokia the benefits of doubt here. Since HMD do have many original Nokia employees, it could be an oversight. So much for "Android One" RandomBacon 7 months ago. Shouldn't this be something that the NSA looks into and prevents? Shouldn't the NSA be analyzing consumer electronics to make sure they don't spy on US citizens, some of which will have sensitive information or trade secrets on their phones?
NSA is the world-wide espionage agency. They welcome these leaks. That's why security bugs found in Windows are first sent to NSA and later eventually to Microsoft to fix. Read more about Snowden's leaks, read stallman. They do warn the public, but people on this site say the warnings aren't real, and that it's just the government trying to hurt Chinese businesses.
Look at any of the threads about Huawei, it's mostly full of people saying that the warnings from western intelligence agencies are lies as part of a trade war. Aren't those companies trying to get all the information they can about us? Perhaps they don't want to be "secured" because it costs money to do so.