German authorities warn of pre-installed malware in tablets, smartphones
The affected devices are the Eagle 804 tablet manufactured by Krueger&Matz, the S8 Pro smartphone produced by Ulefone and Blackview's A10 smartphone, all of which can be purchased via online platforms.
Germany's information security authorities had ordered the products online and subsequently analyzed them.
"The BSI has informed the manufacturers of the devices about the findings and requested them to take appropriate measures to restore the safety of their customers," BSI President Arne Schoenbohm stated, adding that the German authorities were "currently unable to do more."
According to BSI, the preinstalled malware detected on the Eagle 804 tablet contacts a "well-known command and control server." The malware sends device data to the server, and it also has a reloading function, which means that once the malware is on the device, further malware with different functions could be transferred undetected. According to BSI, such malware is also used for spying on personal bank data.
In the current version, the two affected smartphones are delivered without malware. However, the manufacturers are offering firmware with a lower version number for download, and that firmware contains the detected malware. According to BSI, it can therefore be assumed that smartphones already purchased are affected.
The data obtained by the German information security authorities indicate that more than 20,000 connections of individual German IP addresses are being established per day via the command and control server.
According to BSI, it must be "assumed that devices with this malware variant are more widespread in Germany".
Back in October 2018, the British IT company Sophos reported similar malware problems with Ulefone S8. Sophos noted that if a smartphone is too cheap, it might be "at the cost of other people's privacy."
"Once again, this case clearly shows that price cannot be the only criterion for a purchasing decision. Otherwise, users may pay significantly more with their data or through fraudulent activities," Schoenbohm concluded.