I've recently bought an s6 and ive got a question to any owner to check out something in their apps If you use Android.
Upon setting up the phone i went straight into apps to check out the bloatware that comes with it and instantly saw Computrace Agent and alarms bells were ringing. Trying to uninstall it is a no go, it basically comes embedded in the phones firmware and/or bios as a persistence module, the second its uninstalled the bios reinserts it and the service is running again. Think of a rootkit for a phone essentially providing full access to the phone, yesterday it contacted +13106916499 15 times through SMS, am I meant to be paying those damn fees daily to message an abroad number for them to send and recieve data?... The text was was base64 encoded so its most likely encryption but i dont know what cipher or how key generation will be, it would have to be local to the device but no idea really. I've included some screenshots of the software messages etc.
Not only that it provides full access remotely to everything on your device, it also is vulnerable and is another point of entry for an attacker. If they can take over that service they have undeniable remote access to everything as well. They are past presentations at BlackHat conference covering this.
There isnt many topics when searching for this and in one long thread on the EE forums where a high standing member of the forum is saying basically shut up and deal with it. He's very rude and leaves the customer with no choice and doesnt understand the implications of this software, even denying that it sends SMS.
I tried flashing everything off the phone using XtresoLite ROM through TWRP2 including the bootloader and modem firmware to no avail, the application persists and immediately sends a startup signal to the home server, the number from above ironically comes up as California - NSAesque or what!! I have read of one method of installing the clean samsung firmware which i will try tonight however im unsure whether this will do anything, on the companys website they have the vendor list and they work with a lot of hardware companies to support integration with their bios and firmware including Samsung and Asus.
Im pretty annoyed, paid a lot for the phone and this damn rootkit makes me want to get rid of it immediately, sure the NSA monitor all this from their end but its taking the mick when a phone comes with this kind of software embedded.
Screenshots: http://imgur.com/e2j3rr8,klQl5bB,LlShUoc,fa58R5Z
Upon setting up the phone i went straight into apps to check out the bloatware that comes with it and instantly saw Computrace Agent and alarms bells were ringing. Trying to uninstall it is a no go, it basically comes embedded in the phones firmware and/or bios as a persistence module, the second its uninstalled the bios reinserts it and the service is running again. Think of a rootkit for a phone essentially providing full access to the phone, yesterday it contacted +13106916499 15 times through SMS, am I meant to be paying those damn fees daily to message an abroad number for them to send and recieve data?... The text was was base64 encoded so its most likely encryption but i dont know what cipher or how key generation will be, it would have to be local to the device but no idea really. I've included some screenshots of the software messages etc.
Not only that it provides full access remotely to everything on your device, it also is vulnerable and is another point of entry for an attacker. If they can take over that service they have undeniable remote access to everything as well. They are past presentations at BlackHat conference covering this.
There isnt many topics when searching for this and in one long thread on the EE forums where a high standing member of the forum is saying basically shut up and deal with it. He's very rude and leaves the customer with no choice and doesnt understand the implications of this software, even denying that it sends SMS.
I tried flashing everything off the phone using XtresoLite ROM through TWRP2 including the bootloader and modem firmware to no avail, the application persists and immediately sends a startup signal to the home server, the number from above ironically comes up as California - NSAesque or what!! I have read of one method of installing the clean samsung firmware which i will try tonight however im unsure whether this will do anything, on the companys website they have the vendor list and they work with a lot of hardware companies to support integration with their bios and firmware including Samsung and Asus.
Im pretty annoyed, paid a lot for the phone and this damn rootkit makes me want to get rid of it immediately, sure the NSA monitor all this from their end but its taking the mick when a phone comes with this kind of software embedded.
Screenshots: http://imgur.com/e2j3rr8,klQl5bB,LlShUoc,fa58R5Z
