Samsung Phones Said to Come with Chinese "Spyware" Phoning Home
Samsung phones and tablets allegedly come with what is being described as "spyware" that communicates with Chinese servers regularly.
A reddit thread that has gone viral includes a closer look at a feature called Device Care, which is available on all Samsung phones and tablets.
As Samsung itself confirms, the "Storage" module of Device Care is "powered by 360," but no information is provided as to why it phones back home to China.
While Qihoo 360, the company that Samsung points to, has previously been involved in several privacy scandals that included hidden data collection, little is known about what's happening on phones and tablets developed by the South Korean manufacturer.
A fan of Samsung phones has discovered Chinese spyware which is installed by default by Samsung, can't be removed, and which has been sending packets to Chinese addresses. The storage scanner in the Device Care section of Samsung phones is a mandatory software install protected by the system, making it hard to remove. No comment has been made by Samsung about why it includes this spyware in its main line of mobile phones.
Do you packet sniff your phone to find out where it is sending your data?
(Score: 2) by DannyB on Thursday January 09 2020, @03:46PM (5 children)
But then you describe some cases of stopping outgoing packets. Under various conditions. (and I'm not trying to be disagreeable or critical)
Stopping outgoing packets seems like a very worthwhile thing for a firewall or border gateway to do. Certainly by a blacklist (or whitelist?) of target IP addresses. But also by port / IP address of an internal system sending those packets to the outside. For example, why is our web server, unsolicited, sending packets to some outside system? Has it been hacked?
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 2) by RS3 on Thursday January 09 2020, @05:22PM
Sorry, I was trying to not write a book. I figure most people here have set up, or at least poked around in a home gateway (router) and seen the settings for firewall.
At the simplest it's usually:
1) no firewall - all ports open both ways,
2) all incoming ports are blocked, all outgoing are open, which is a typical default,
3) all incoming are blocked, and most outgoing are blocked, except pop3, imap, ftp, http, https, ...
Some gateways have a "gaming" mode where they open specific ports used in multi-player games.
If malware wants to send (outbound) data over port 80 or 443, you can't stop it by port blocking, or you have no web access. You'd need to determine that you have malware (possibly baked in), determine what IP address it's sending to, and block that IP address. Some gateways allow some IP address blocking, some don't.
If you block all outgoing ports, you have zero connection to the Internet, so just unplug - it's easier and cheaper.
(Score: 2) by RS3 on Thursday January 09 2020, @05:31PM (2 children)
Just to clarify and reiterate, most gateways/routers do firewalling, and the default is usually to block all incoming ports, but leave all outgoing open, and my first post was in that context. Sorry for my lack of clarity. You get what you pay for, etc...
(Score: 2) by DannyB on Thursday January 09 2020, @06:45PM (1 child)
No refunds I presume. :-)
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 2) by RS3 on Thursday January 09 2020, @07:00PM
All work-product is guaranteed until it breaks.
(Score: 2) by jasassin on Friday January 10 2020, @07:22PM
You nailed it right there. Whitelist. It's the only way to be sure, and you'll have a nightmare whitelisting IPs to restore a semblance of functionality.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
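
The egress-filtering point made in the thread above (port blocking cannot stop unwanted traffic on 80/443, while a per-destination whitelist can), as an added example that is not part of any post: it runs constructed flow records through a port-only outbound policy and a per-host destination allowlist. The addresses are documentation ranges, and the allowlist entries and the inclusion of DNS among the open ports are assumptions.

```python
import ipaddress

# Constructed sample flows (documentation address ranges, not real traffic):
# (internal source, external destination, destination port), all initiated from inside.
FLOWS = [
    ("10.0.0.5", "198.51.100.10", 443),   # web server -> unknown host over HTTPS
    ("10.0.0.5", "192.0.2.53", 53),       # web server -> its DNS resolver
    ("10.0.0.20", "203.0.113.80", 443),   # phone -> expected service
    ("10.0.0.20", "198.51.100.10", 443),  # phone -> unknown host over HTTPS
    ("10.0.0.20", "203.0.113.80", 6667),  # phone -> expected host, unusual port
]

# Mode 3 from the thread: outbound blocked except ftp, http, pop3, imap, https
# (DNS on port 53 is added here as an assumption so name resolution works).
ALLOWED_OUT_PORTS = {21, 53, 80, 110, 143, 443}

# Hypothetical per-host destination allowlist (the "whitelist" approach).
DEST_ALLOWLIST = {
    "10.0.0.5": ["192.0.2.53/32"],
    "10.0.0.20": ["203.0.113.0/24"],
}

def port_policy_allows(flow):
    """Port-only egress rule: the destination address is never inspected."""
    return flow[2] in ALLOWED_OUT_PORTS

def dest_policy_allows(flow):
    """Destination allowlist: a source with no entry is denied by default."""
    src, dst, _ = flow
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(n) for n in DEST_ALLOWLIST.get(src, []))

def verdicts(flows):
    """Return (flow, allowed_by_port_policy, allowed_by_allowlist) per flow."""
    return [(f, port_policy_allows(f), dest_policy_allows(f)) for f in flows]

def missed_by_port_filter(flows):
    """Flows the port-only policy lets out but the allowlist would stop."""
    return [f for f, by_port, by_dest in verdicts(flows) if by_port and not by_dest]

if __name__ == "__main__":
    for flow, by_port, by_dest in verdicts(FLOWS):
        print(flow, "| port policy:", "allow" if by_port else "block",
              "| allowlist:", "allow" if by_dest else "block")
    print("let out by port filter, stopped by allowlist:")
    for flow in missed_by_port_filter(FLOWS):
        print("  ", flow)
```
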