Amazon is suspending sales of Blu handsets due to a “potential security issue” after security firm Kryptowire determined that a particular model, the R1 HD, contained spyware that would transmit user data to a server in China. The phones were allegedly transmitting a list of apps installed, apps used, unique device identifiers, including the MAC address and IMEI number, the phone number, and cell phone tower ID.



…at the Black Hat security conference last week, Kryptowire demonstrated that Adups was still transmitting users’ private data and featured a command-and-control server capable of installing apps, taking screen shots, recording the screen, making calls, and wiping devices without the user’s permission. Kryptowire had singled out the Blu R1 HD, which is available for $60 on Amazon, for harboring Adups software. According to Kryptowire co-founder Ryan Johnson, Adups replaced its firmware with “nicer versions” but said further analysis in May of another Blu model found Adups was still making the same mistakes, describing it as a “huge invasion of privacy”.

Discussion

Source: [H]ardOCP – Amazon Halts Blu Phone Sales over “Potential Security Issue”