Vodafone HTC Phones Shipping with Malware

Posted on 18 March 2010 by komplettie in News

It seems that Vodafone’s Android-based HTC smartphones could well be shipping with some very dubious software indeed, with two reports from security experts calling the devices into question.

The whole affair makes HTC's Magic a little less attractive...

Word comes from Panda Security’s research blog, which details the series of events surrounding the discovery of a Mariposa botnet client on the devices. The client promptly spreads via an autorun.exe to just about any machine the device is plugged into. When the first case turned up last week, Vodafone called it an “isolated incident” and the world kept turning. Still, according to Panda, that’s only the tip of the iceberg.

The same HTC Magic, ordered directly from Vodafone, also sported “Conficker and a Lineage password stealing malware.” Naturally enough, this looks pretty bad for Vodafone, and things get worse with the revelation that this might not be nearly as isolated an incident as Vodafone made out in its initial response.

Apparently, the first post prompted employees of other security companies, including the Spanish S21Sec, to take a closer look at what their phones were doing. One S21Sec employee found that his own HTC Magic, again ordered directly from Vodafone, boasted a Mariposa client. If nothing else, it casts a little doubt on Vodafone’s security setup.

The official breakdown from the folks at Panda is a little heavy-handed, but perhaps rightly so, saying that:

• Vodafone stated that it was an isolated incident, but that theory is losing ground as quick as you can say “p0wn3d”
• Originally I had thought it was an issue with a specific refurbished phone as well. But having the exact same botnet client with the exact same characteristics, with such little time difference between the malware being loaded and delivered to the client and all happening during the same week, makes me think this might be a bigger problem, either with QA or with a specific batch of phones
• If you’re in Europe and you’ve purchased a HTC Magic from Vodafone a few weeks before or after March 1st 2010, I’d double-check my PC and HTC’s microSD card if I were you.

It’s a very strange state of affairs indeed, and we’ll be curious to see what the official word from Vodafone is, or if it’ll stick to the “isolated incident” line. Certainly it’s not beyond reason to think that two devices might have been infected at once, but it’s far from an ideal state of affairs for Vodafone.

  • Gordon

    Not looking good for Vodafone but on a side note, any security company that used the word “p0wn3d” in its review/statement needs to review its own staff.

  • http://www.komplettblog.ie admin

    Was thinking exactly that, Panda is a solid security company, and one that’s uncovered some interesting stuff in the past, but that does seem unprofessional. At the same time, I believe the original Vodafone response seemed to do everything just short of saying that they had made it up… probably coloured the response a little.

  • Gordon

    Good point on the Vodafone response, Panda caught them out and probably got excited in their wording. Can’t help but think of, “Did I really say that”