Palo Alto Networks has some not-so-good news for us: Coolpad has been found to have a backdoor in millions of Android devices sold by the company. The China-based smartphone manufacturer has what is being called CoolReaper, a backdoor that exposes device users to potential malicious activity. According to the security firm, it appears that Coolpad installed the backdoor and is currently maintaining it despite customers’ objections.
This issue was discovered by the Palo Alto Networks threat intelligence team. While it is not unusual for a phone manufacturer to add its own software on top of the default Android mobile platform for customization, CoolReaper does more than what is allowed.
Gathering basic usage data is normal, but Coolpad’s backdoor collects more than that. According to Palo Alto Networks, Coolpad is using a modified version of Android so that antivirus programs can’t detect the backdoor. So far, 24 Coolpad phone models have been found to carry CoolReaper, as discovered by Claud Xiao, a researcher at Palo Alto Networks. This is a massive threat to the roughly 10 million people who own these Coolpad mobile devices.
The researchers said that CoolReaper can do a lot of things, namely:
• Download, install, or activate any Android application without user consent or notification.
• Clear user data, uninstall existing applications, or disable system applications.
• Notify users of a fake over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications.
• Send or insert arbitrary SMS or MMS messages into the phone.
• Dial arbitrary phone numbers.
• Upload information about the device, its location, application usage, calling and SMS history to a Coolpad server.
The investigation into Coolpad began when customers started complaining about the possible vulnerability. The Android Security Team has also been notified of this security issue. Unfortunately, Coolpad has not yet responded to requests for assistance from Palo Alto Networks.
We’re hoping Coolpad will offer a sound explanation very soon. For now, Coolpad device owners are asked to be more careful about sharing important and private information. Let’s see how this story unfolds.