Palo Alto Networks warns that Android devices from Coolpad contain a deliberate backdoor for hackers
Chinese device manufacturer Coolpad is at the centre of controversy after an American security firm warned that its Android smartphones and tablets have a deliberate backdoor.
The backdoor was discovered by Palo Alto Networks. The IT security firm has dubbed the flaw, which allows hackers to access user information on the device, as the CoolReaper backdoor.
The allegation is very serious considering that Coolpad is the world’s sixth largest maker of smartphones, and the third largest in China alone. Indeed, according to IDC, in China it outsells Apple and Samsung and is beaten only by Xioami and Lenovo.
But what makes Palo Alto’s warning even more serious is that the security firm alleges that it is Coolpad itself which installed and operated the backdoor.
The security firm said it then downloaded multiple copies of the stock ROMs used by Coolpad phones sold in China. “We found the majority of the ROMs contained the CoolReaper backdoor,” said the firm.
So what does the backdoor allow? Well according to Palo Alto Networks, the backdoor is so serious it could allow for the download, installation and activation of any Android application without user consent or notification. The backdoor could also clear user data, uninstall existing applications, or disable system applications, and it can notify users of a fake Over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications.
And it doesn’t stop there. The backdoor can also send or insert arbitrary SMS or MMS messages into the phone, dial arbitrary phone numbers, and upload information about device, its location, application usage, calling and SMS history to a Coolpad server.
“We expect device manufacturers to install software on top of Android that provides additional functionality and customisation, but CoolReaper does not fall into that category,” said Palo Alto Networks. “Some mobile carriers install applications that gather usage statistics and other data on how their devices are performing. CoolReaper goes well beyond this type of data collection and acts as a true backdoor into Coolpad devices.”
It said that Coolpad customers in China have reported installation of unwanted applications and push-notification advertisements coming from the backdoor. “Complaints about this behaviour have been ignored by Coolpad or deleted,” the security firm said.
It also said that the Chinese manufacturer had also modified the Android OS contained in many of their ROMs, which were specifically tailored to hide CoolReaper components from the user and from other applications operating on the device.
At the moment, the known impact of CoolReaper thus far is limited to China and Taiwan, but as the company sells its devices globally, this backdoor present a very real threat to Android users all over the world.
As the news of the backdoor spread, shares in Coolpad have reportedly fallen in Hong Kong trading. It remains to be seen how the company responds.
How much do you know about the iPhone? Take our quiz!