Secret CoolReaper backdoor for hackers discovered in Chinese Android phones
China's monitoring and control of how its citizens access the internet is something that has been going on for some time. Now there is something new for Chinese smartphone owners to worry about. Security researchers at Palo Alto Networks have discovered a backdoor built into millions of handsets produced by Coolpad.
Known as CoolReaper, the backdoor potentially places more than 10 million smartphone owners at risk. The security firm began investigating after users complained on message boards about suspicious activity on their handsets. After downloading multiple copies of the stock ROMs used on Chinese Coolpad phones, it found that "the majority of the ROMs contained the CoolReaper backdoor".
A total of 77 ROMs were downloaded, and 64 of them were found to include the backdoor. Unit 42 has published a paper that details the capabilities of the malware; users themselves have reported the installation of unauthorized software and popup ads. Interestingly, it is reported that Coolpad deleted message board posts that made reference to these problems. At the moment there is no evidence that Coolpad devices sold outside of China and Taiwan are affected, but this will be of little comfort to those who may be at risk.
What CoolReaper is capable of is concerning, as the research paper explains:
- Download, install, or activate any Android application without user consent or notification
- Clear user data, uninstall existing applications, or disable system applications
- Notify users of a fake Over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications
- Send or insert arbitrary SMS or MMS messages into the phone
- Dial arbitrary phone numbers
- Upload information about the device, its location, application usage, calling and SMS history to a Coolpad server
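Each capability in that list corresponds to specific Android permissions, which gives a defender a cheap first triage: a pre-installed app that combines silent app installation, SMS control, phone dialling and upload of device data deserves a closer look. The script below is an added example, not code from the article or from Palo Alto Networks. It parses a constructed text dump whose layout is modelled on `adb shell dumpsys package` output (the `com.example.*` package names and the hashes are invented placeholders), maps each package's requested permissions onto the capabilities listed above, and flags packages that reach a threshold.

```python
"""Triage of installed Android packages by risky permission combinations.

Added example, not from the article or from Palo Alto Networks. The input
format is a constructed dump that follows the layout of `dumpsys package`
output: a "Package [name]" header followed by indented sections, one of
which is "requested permissions:". Package names below are placeholders.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Permissions that grant each capability from the CoolReaper list.
# The permission names are real Android permissions; the grouping is ours.
INSTALL_REMOVE = {"android.permission.INSTALL_PACKAGES",
                  "android.permission.DELETE_PACKAGES"}
SMS_CONTROL = {"android.permission.SEND_SMS", "android.permission.WRITE_SMS",
               "android.permission.READ_SMS"}
PLACE_CALLS = {"android.permission.CALL_PHONE"}
# Data upload needs network access plus at least one sensitive data source.
DATA_SOURCES = {"android.permission.ACCESS_FINE_LOCATION",
                "android.permission.READ_CALL_LOG",
                "android.permission.READ_PHONE_STATE"}
NETWORK = "android.permission.INTERNET"

PACKAGE_RE = re.compile(r"^Package \[([^\]]+)\]")


def parse_requested_permissions(dump: str) -> dict[str, set[str]]:
    """Map package name -> requested permissions from a dumpsys-style dump."""
    perms: dict[str, set[str]] = defaultdict(set)
    current = None
    in_requested = False
    for raw in dump.splitlines():
        header = PACKAGE_RE.match(raw)
        if header:
            current = header.group(1)
            perms[current]  # register package even if it requests nothing
            in_requested = False
            continue
        line = raw.strip()
        if line == "requested permissions:":
            in_requested = True
            continue
        if in_requested and current is not None:
            if line.startswith("android.permission."):
                # Some sections append ": granted=true"; keep only the name.
                perms[current].add(line.split(":")[0])
            else:
                in_requested = False  # any other line ends the section
    return dict(perms)


def capabilities_of(permissions: set[str]) -> set[str]:
    """Return the CoolReaper-style capabilities these permissions allow."""
    caps = set()
    if permissions & INSTALL_REMOVE:
        caps.add("install_or_remove_apps")
    if permissions & SMS_CONTROL:
        caps.add("sms_mms_control")
    if permissions & PLACE_CALLS:
        caps.add("place_calls")
    if NETWORK in permissions and permissions & DATA_SOURCES:
        caps.add("upload_device_data")
    return caps


def triage(dump: str, min_capabilities: int = 3) -> list[tuple[str, list[str]]]:
    """Packages reaching the threshold, with their capabilities, sorted by name."""
    flagged = []
    for pkg, perms in sorted(parse_requested_permissions(dump).items()):
        caps = capabilities_of(perms)
        if len(caps) >= min_capabilities:
            flagged.append((pkg, sorted(caps)))
    return flagged


# Constructed sample dump; package names and hashes are placeholders.
SAMPLE_DUMP = """\
Package [com.example.vendor.updater] (1a2b3c):
    flags=[ SYSTEM HAS_CODE ]
    requested permissions:
      android.permission.INSTALL_PACKAGES
      android.permission.DELETE_PACKAGES
      android.permission.SEND_SMS
      android.permission.CALL_PHONE
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_CALL_LOG
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
Package [com.example.calculator] (4d5e6f):
    flags=[ HAS_CODE ]
    requested permissions:
      android.permission.INTERNET
      android.permission.VIBRATE
Package [com.example.messaging] (7a8b9c):
    flags=[ SYSTEM HAS_CODE ]
    requested permissions:
      android.permission.SEND_SMS
      android.permission.READ_SMS
      android.permission.READ_CONTACTS
"""

if __name__ == "__main__":
    for pkg, caps in triage(SAMPLE_DUMP):
        print(f"{pkg}: {', '.join(caps)}")
```

A hit is a lead, not a verdict: a legitimate vendor updater may need several of these permissions, and a ROM that ships a backdoor cannot be trusted to describe itself accurately, so the permissions of a flagged package should be confirmed from the APK itself (for example with aapt) on a trusted machine rather than from the device's own reporting.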
The paper says:
In November a white-hat security researcher identified a vulnerability in the back-end control system for CoolReaper, which allowed him to see how Coolpad controls the backdoor.
The research paper gives a detailed breakdown of the findings and warns:
The known impact of CoolReaper thus far is limited to China and Taiwan, but Coolpad’s position in the market and global expansion plans mean this backdoor presents a threat to Android users all over the world.
While Coolpad is only the sixth largest smartphone manufacturer in the world -- with a global share of 3.7 percent of the market -- it is ranked as the third largest manufacturer in China. The company is gradually expanding into the US and Europe, so interest in this backdoor is only going to increase.
So far it's hard to say much about the source of the backdoor. Researchers have determined that it has been around since at least October 2013, but it's not clear whether or not there is a connection to the Chinese government.