
An Android phone subsidized by the US government for low-income users is pre-installed with malware that cannot be removed without the device ceasing to work, researchers reported Thursday.

ARS TECHNICA

This story originally appeared on Ars Technica, a trusted source for technology news, technology policy analysis, assessments and more. Ars is owned by WIRED’s parent company, Condé Nast.

The UMX U686CL is supplied by the Virgin Mobile Assurance Wireless program. Assurance Wireless is an offshoot of the Lifeline Assistance program, a Federal Communications Commission plan that makes free or government-subsidized telephone service available to millions of low-income families. The program is often called the Obama telephone because it expanded in 2008 when President Barack Obama took office. The UMX U686CL runs Android and is available for $35 to qualified users.

Researchers from Malwarebytes said on Thursday that the device comes with some nasty surprises. Representatives of Sprint, the owner of Virgin Mobile, meanwhile said they did not believe the apps were harmful.

The first is heavily obfuscated malware that can install adware and other unwanted apps without the user’s knowledge or consent. Android/Trojan.Dropper.Agent.UMX bears striking similarities to two other trojan droppers. For one, it uses identical strings and almost identical code. For another, it contains an encrypted string that, when decoded, contains a hidden library named com.android.google.bridge.Liblmp.

Once the library is loaded into memory, it installs software that Malwarebytes calls Android/Trojan.HiddenAds, which displays ads aggressively. Malwarebytes researcher Nathan Collier said that the company's users have reported that the hidden library installs a variant of HiddenAds, but the researchers were unable to reproduce that installation, possibly because the library waits for some time before doing so.

The malware that installs these programs is hidden in the settings app of the phone. That makes it virtually impossible to remove because the phone cannot work properly without it. “Uninstall the Settings app and you’ve just created a pricey paper weight,” Collier wrote.

The second unpleasant surprise of the UMX U686CL is something called Wireless Update. Although it provides a mechanism for downloading and installing phone updates, it also loads a barrage of unwanted apps. The app is a variant of Adups, an app from a China-based company of the same name. In 2016, researchers caught Adups secretly collecting user data on hundreds of thousands of cheap BLU phones.

“From the moment you log in to the mobile device, Wireless Update starts installing apps automatically,” Collier said. “To repeat: no user permission has been collected, no buttons to click to accept the installations, it only installs apps on its own.”

Although all installed apps that Malwarebytes examined were clean and free of malware, the presence of a feature that automatically installs apps is an unacceptable risk, especially since removing the feature prevents the phone from receiving updates. Collier’s post has classified Wireless Update as malware, but Jérôme Segura, head of intelligence at Malwarebytes, told me that the actual classification is a PUP or potentially unwanted program because there are no indications that the installed apps are harmful.

In any case, the two apps analyzed by Malwarebytes make the UMX U686CL a bad choice. The fact that it is made available to low-income users only adds insult to injury. Malwarebytes said it has informed Assurance Wireless of its findings and asked why the phone it sells comes with pre-installed malware. No one has responded so far. In an email, Sprint officials said: “We are aware of this problem and are in contact with the manufacturer of the Unimax device to understand the cause, but after our initial tests, we do not believe that the applications described in the media are malware.”

It is not difficult to find online discussions like this one that complain about irritating advertisements and apps that are automatically installed on the device without the user’s permission. A similar thread discusses advertisements that are displayed on the home screen even when a browser is not running.

Over the years, pre-installed malware has been found on a large number of cheap Android phones from different providers and manufacturers. A partial list includes a back door on hundreds of thousands of BLU devices, a powerful back door and rootkit also on BLU devices, and secret downloaders on 26 different phone models from different manufacturers.

It seems that the price people often pay for cheap phones is damage to their security and privacy. Although many users may not be able to afford them, it is probably a better choice to buy phones from regular and well-known providers outside of China.
