Possible Spyware On Samsung Phones

January 9, 2020 by Bryan Cockfield 118 Comments

[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]

Samsung may have the highest-end options for hardware if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions on the software they sometimes load on it. Often these phones come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones seems to be of a pretty major security vulnerability.

This software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and osint, which are discussed in the post.

These revelations came about recently on Reddit from [kchaxcer] who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship phone competing with various iPhones, but it does highlight some security concerns we should all have with our daily use devices when we can’t control the software on the hardware that we supposedly own. There are some alternatives though if you are interested in open-source phones.

Thanks to [kickaxe] for the tip!

Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

Reverse Engineering Liberates Dash Cam Video

October 15, 2019 by Tom Nardi 12 Comments

If you’ve purchased a piece of consumer electronics in the last few years, there’s an excellent chance that you were forced to use some proprietary application (likely on a mobile device) to unlock its full functionality. It’s a depressing reality of modern technology, and unless you’re willing to roll your own hardware, it can be difficult to avoid. But [krishnan793] decided to take another route, and reverse engineered his DDPAI dash camera so he could get a live video stream from it without using the companion smartphone application.

Like many modern gadgets, the DDPAI camera creates its own WiFi access point that you need to connect to for configuration. By putting his computer’s wireless card into Monitor mode and running Wireshark, [krishnan793] was able to see that the smartphone was communicating with the camera using some type of REST API. After watching the clear-text exchanges for awhile, he not only discovered a few default usernames and passwords, but the commands necessary to configure the camera and start the video stream.

After hitting it with the proper REST messages, an nmap scan confirmed that several new services had started up on the device. Unfortunately, he didn’t get any video when he pointed VLC to the likely port numbers. At this point [krishnan793] checked the datasheet for the camera’s Hi3516E SoC and saw that it supported H.264 encoding. By manually specifying that as the video codec when invoking VLC, it was able to play a video stream from port 6200. A little later, he discovered that port 6100 was serving up the live audio.

Technically that’s all he wanted to do in the first place, as he was looking to feed the video into OpenCV for other projects. But while he was in the area, [krishnan793] also decided to find the download URL for the camera’s firmware, and ran it through binwalk to see what he could find out. Not surprisingly the security turned out to be fairly lax through the entire device, so he was able to glean some information that could be useful for future projects.

Of course, if you’d rather go with the first option and build your own custom dash camera so you don’t have to jump through so many hoops just to get a usable video stream, we’ve got some good news for you.