BERLIN, Feb. 26 (Xinhua) -- Pre-installed malware can be found on certain tablets and smartphones in Germany, the German Federal Office for Information Security (BSI) announced on Tuesday, warning against the use of these devices.
The affected technical devices are Tablet Eagle 804 by Krueger&Matz, the smartphone S8 Pro by Ulefone as well as the smartphone A10 by Blackview, which can all be purchased via online platforms. German information security authorities had ordered the products via Amazon and subsequently analyzed them.
"The BSI has informed the manufacturers of the devices about the findings and requested them to take appropriate measures to restore the safety of their customers", BSI president Arne Schoenbohm stated and added that the German authorities were "currently unable to do more".
The tablet Eagle 804 on which the BSI detected a preinstalled malware would contact a "well-known Command&Control Server". The malware would not only send device data to the server, but also has a reloading function, which means that once the malware is on the device, further malware with different functions could be transferred undetected. According to BSI, such malware would also be used for spying on personal bank data.
In the current version, the two affected smartphones are delivered without malware. However, the manufacturers are offering a firmware with a lower version number for download which contains the detected malware. According to BSI, it can therefore be assumed that smartphones already purchased would be affected.
The data obtained by the German information security authorities indicates that more than 20,000 connections of individual German IP addresses are being established per day via the Command&Control Server. According to BSI, it must be "assumed that devices with this malware variant are more widespread in Germany".
Back in October 2018, British IT company Sophos reported similar malware problems with Ulefone S8. Sophos noted that if a smartphone is too cheap, it might be "at the cost of other people's privacy".
"Once again, this case clearly shows that price cannot be the only criterion for a purchasing decision. Otherwise, users may pay significantly more with their data or through fraudulent activities," BSI President Schoenbohm concluded.
In order to protect personal data, the BSI has provided information on its website on how to obtain appropriate security features before purchasing new devices.
