Coolpad Devices Contain ‘Deliberate’ Backdoor For Hackers

Chinese device manufacturer Coolpad is at the centre of controversy after an American security firm warned that its Android smartphones and tablets have a deliberate backdoor.

The backdoor was discovered by Palo Alto Networks. The IT security firm has dubbed the flaw, which allows hackers to access user information on the device, as the CoolReaper backdoor.

Deliberate Backdoor

The allegation is very serious considering that Coolpad is the world’s sixth largest maker of smartphones, and the third largest in China alone. Indeed, according to IDC, in China it outsells Apple and Samsung and is beaten only by Xioami and Lenovo.

But what makes Palo Alto’s warning even more serious is that the security firm alleges that it is Coolpad itself which installed and operated the backdoor.

The security firm said it investigated after it had reviewed Coolpad complaints on message boards about suspicious activities on Coolpad devices.

The security firm said it then downloaded multiple copies of the stock ROMs used by Coolpad phones sold in China. “We found the majority of the ROMs contained the CoolReaper backdoor,” said the firm.

So what does the backdoor allow? Well according to Palo Alto Networks, the backdoor is so serious it could allow for the download, installation and activation of any Android application without user consent or notification. The backdoor could also clear user data, uninstall existing applications, or disable system applications, and it can notify users of a fake Over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications.

And it doesn’t stop there. The backdoor can also send or insert arbitrary SMS or MMS messages into the phone, dial arbitrary phone numbers, and upload information about device, its location, application usage, calling and SMS history to a Coolpad server.

Global Threat

“We expect device manufacturers to install software on top of Android that provides additional functionality and customisation, but CoolReaper does not fall into that category,” said Palo Alto Networks. “Some mobile carriers install applications that gather usage statistics and other data on how their devices are performing. CoolReaper goes well beyond this type of data collection and acts as a true backdoor into Coolpad devices.”

It said that Coolpad customers in China have reported installation of unwanted applications and push-notification advertisements coming from the backdoor. “Complaints about this behaviour have been ignored by Coolpad or deleted,” the security firm said.

It also said that the Chinese manufacturer had also modified the Android OS contained in many of their ROMs, which were specifically tailored to hide CoolReaper components from the user and from other applications operating on the device.

At the moment, the known impact of CoolReaper thus far is limited to China and Taiwan, but as the company sells its devices globally, this backdoor present a very real threat to Android users all over the world.

As the news of the backdoor spread, shares in Coolpad have reportedly fallen in Hong Kong trading. It remains to be seen how the company responds.

How much do you know about the iPhone? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

1 hour ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

2 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

3 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

5 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

8 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

8 hours ago