Amazon suspends sales of Blu phones over spyware allegations (Update)

midian182

Posts: 6,068   +50
Staff member

Update (8/5): Amazon has resumed selling some Blu phones after reviewing information sent by the maker. Meanwhile Blu has announced they're getting relisted calling it a "false alarm," it must be harsh to be out of Amazon if you're a small phone manufacturer.

Back in November last year, security firm Kryptowire discovered spyware on some unlocked budget Android handsets made by US manufacturer Blu Products. Sales were halted for a month, but it seems that wasn’t the end of the matter. Amazon has just suspended the company from selling on the site, again, because the malicious software is apparently still present.

The app in question is developed by a Chinese firm called Shanghai Adups Technology Company. Kryptowire researchers discovered it was collecting user data from the Blu R1 HD phone and surreptitiously sending it to servers in China.

During last week’s BlackHat security conference in Las Vegas, Virginia-based Kryptowire said certain Blu phones still contained the spying software, which it claims makes the handsets vulnerable to remote attacks, as well as call and text logging.

"They replaced [the malware] with nicer versions. I have captured the network traffic of them using the command and control channel when they did it," said Kryptowire co-founder Ryan Johnson. He found the information being sent overseas included what apps were installed on the phone, MAC addresses, IMEI, phone numbers, and cell phone tower IDs.

A Blu spokeswoman denies the company has done anything wrong, stressing that it has "several policies in place which take customer privacy and security seriously.” Regarding the data collection, the company said:

The data that is currently being collected is standard for OTA functionally and basic informational reporting. This is in line with every other smartphone device manufacturer in the world. There is nothing out of the ordinary that is being collected, and certainly does not affect any user’s privacy or security […] Regarding that some information may be stored in China servers, their privacy policy clearly states that some of the data collected can be stored in servers outside the US, there is absolutely nothing wrong with having a server in China.

But it seems Amazon isn’t happy with Blu’s explanation. The retail giant told CNET that "because [the] security and privacy of our customers are of the utmost importance,” it has stopped sales of Blu handsets.

Permalink to story.

 

Skidmarksdeluxe

Posts: 8,645   +3,281
"has several policies in place which take customer privacy and security seriously.”
Now where have I heard/seen/read that comment whenever a company gets hacked/compromised due to their non existent or lax security, or just installing nasties as per this article?
It seems to be the standard response when the spokesperson is put on the spot and dare not speak the truth in fear of repercussions.
It remind me of politicians saying "That's a very good question" when they don't know how to answer a question or are just about to feed you a blatantly BS line... which is 99.9999% of the time.
 

kapital98

Posts: 333   +261
"has several policies in place which take customer privacy and security seriously.”
Now where have I heard/seen/read that comment whenever a company gets hacked/compromised due to their non existent or lax security, or just installing nasties as per this article?
It seems to be the standard response when the spokesperson is put on the spot and dare not speak the truth in fear of repercussions.
It remind me of politicians saying "That's a very good question" when they don't know how to answer a question or are just about to feed you a blatantly BS line... which is 99.9999% of the time.
It's not like that at all. Amazon is using Blu as a subcontractor to get their Prime subsriptions to people. The $50 Blu phone through Prime is an amazing deal. But if Blu doesn't work, they can find someone else. They already have the Moto series for the slightly higher end. It's a really good business model IMO. If the suppliers aren't living up to their contract, Amazon will find someone else.

--

Related: The Blu phones are incredible value. But maybe one reason they are so cheap is because they are getting shady kickbacks for having malware? It wouldn't be too surprising considering their razor thin profit margins on each phone.
 

Darth Shiv

Posts: 2,063   +654
"has several policies in place which take customer privacy and security seriously.”
Now where have I heard/seen/read that comment whenever a company gets hacked/compromised due to their non existent or lax security, or just installing nasties as per this article?
It seems to be the standard response when the spokesperson is put on the spot and dare not speak the truth in fear of repercussions.
It remind me of politicians saying "That's a very good question" when they don't know how to answer a question or are just about to feed you a blatantly BS line... which is 99.9999% of the time.
Yep but it's extremely hypocritical when Google, Amazon, Apple, basically ALL US security agencies are guilty of this. Also ALL five eyes countries.

This actually makes me very unhappy with Amazon.