Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday January 08 2020, @09:52PM   Printer-friendly
from the not-the-first-time dept.

Samsung Devices Allegedly Use Qihoo 360 Spyware to Phone Home to China

Samsung Phones Said to Come with Chinese "Spyware" Phoning Home

Samsung phones and tablets allegedly come with what is being described as "spyware" that communicates with Chinese servers regularly.

A reddit thread that has gone viral includes a closer look at a feature called Device Care and available on all Samsung phones and tablets.

As Samsung itself confirms, the "Storage" module of Device Care is "powered by 360," but no information is provided as to why it phones back home to China.

While Qihoo 360, the company that Samsung points to, has previously been involved in several privacy scandals that included hidden data collection, little is known about what's happening on phones and tablets developed by the South Korean manufacturer.

Chinese Spyware Found On All Samsung Phones

A fan of Samsung phones has discovered Chinese spyware which is installed by default by Samsung, can't be removed, and for which has been sending packets to Chinese addresses. The storage scanner in the Device Care section of Samsung phones is a mandatory software install protected by the system making it hard to remove. No comment has been made by Samsung about why it includes this spyware in its main line of mobile phones.

Do you packet sniff your phone to find out where it is sending your data?


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB on Thursday January 09 2020, @03:46PM (5 children)

    by DannyB (5839) Subscriber Badge on Thursday January 09 2020, @03:46PM (#941457) Journal

    A firewall stops incoming packets, not outgoing.

    But then you describe some cases of stopping outgoing packets. Under various conditions. (and I'm not trying to be disagreeable or critical)

    Stopping outgoing packets seems like a very worthwhile thing for a firewall or border gateway to do. Certainly by a blacklist (or whitelist?) of target IP addresses. But also by port / IP address of an internal system sending those packets to the outside. For example, why is our web server, unsolicited, sending packets to some outside system? Has it been hacked?

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by RS3 on Thursday January 09 2020, @05:22PM

    by RS3 (6367) on Thursday January 09 2020, @05:22PM (#941511)

    Sorry, I was trying to not write a book. I figure most people here have set up, or at least poked around in a home gateway (router) and seen the settings for firewall.

    At the simplest it's usually:

    1) no firewall- all ports open both ways,
    2) all incoming ports are blocked, all outgoing are open, which is a typical default,
    3) all incoming are blocked, and most outgoing are blocked, except pop3, imap, ftp, http, https, ...

    Some gateways have a "gaming" mode where they open specific ports used in multi-player games.

    If malware wants to send (outbound) data over port 80 or 443, you can't stop it by port blocking, or you have no web access. You'd need to determine that you have malware (possibly baked in), determine what IP address it's sending to, and block that IP address. Some gateways allow some IP address blocking, some don't.

    If you block all outgoing ports, you have zero connection to the Internet, so just unplug- it's easier and cheaper.

  • (Score: 2) by RS3 on Thursday January 09 2020, @05:31PM (2 children)

    by RS3 (6367) on Thursday January 09 2020, @05:31PM (#941516)

    Just to clarify and reiterate, most gateways/routers do firewalling, and the default is usually to block all incoming ports, but leave all outgoing open, and my first post was in that context. Sorry for my lack of clarity. You get what you pay for, etc...

    • (Score: 2) by DannyB on Thursday January 09 2020, @06:45PM (1 child)

      by DannyB (5839) Subscriber Badge on Thursday January 09 2020, @06:45PM (#941540) Journal

      No refunds I presume. :-)

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by RS3 on Thursday January 09 2020, @07:00PM

        by RS3 (6367) on Thursday January 09 2020, @07:00PM (#941550)

        All work-product is guaranteed until it breaks.

  • (Score: 2) by jasassin on Friday January 10 2020, @07:22PM

    by jasassin (3566) <jasassin@gmail.com> on Friday January 10 2020, @07:22PM (#941992) Homepage Journal

    Stopping outgoing packets seems like a very worthwhile thing for a firewall or border gateway to do. Certainly by a blacklist (or whitelist?) of target IP addresses.

    You nailed it right there. Whitelist. It's the only way to be sure, and you'll have a nightmare whitelisting IP's to restore a semblance of functionality.

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A