These Russian “Dumbphones” Come Pre-Loaded With Malware

  • Most Russian dumbphones will declare their purchase by a new owner and will engage in malicious functionality.
  • In some cases, they engage in encrypted communications and information exchange with unknown servers.
  • There is one model that was deemed to be safe, but generally, buying a Nokia “burner” phone is the best approach.

A Russian researcher has looked into some popular feature phones (“dumbphones”) selling in large numbers in the country and has found out that most of them come with unwanted and undocumented functionality. These are cheap phones that are widely used as “burner” devices in Russia, where the police are keen to seize devices and scrutinize them for incriminating data. Still, as the researcher proves through his work, these inexpensive phones come with their own perils.

The devices that were tested were the following:

  • Inoi 101 (RDA8826/SC6533, 600₽)
  • DEXP SD2810 (SC6531E, 699₽)
  • Itel it2160 (MT6261, 799₽)
  • Irbis SF63 (SC6531DA, 750₽)
  • F+ Flip 3 (SC6531DA, 1499₽)
Source: habr.com

The worst of them was determined to be the DEXP SD2810, which connected to the internet via GPRS on its own and without displaying an indication about it, transmits the IMEI and IMSI data to an unknown location, sends paid SMS to short numbers, and also receives and executes commands from an unknown server in response to these messages. Notably, the device doesn’t even feature a web browser, but this doesn’t stop it from doing all the above.

Another nasty case is that of the Irbis SF63, which also executes commands received from an unknown server, while all communications between it and the server are encrypted, so they can’t be evaluated. The SF63 also sends all incoming SMS messages to the third party, a pretty alarming thing to be going on. In all cases except one, the devices inform about their sale to a new owner via the internet, so the shady operation can begin.

Source: habr.com

The only “clean” one that was determined to be safe to use was the Inoi 101 - which, by the way, is the only device that is not using an ARM-based chip, and its connectivity is limited to 2G (the other two support up to 4G). So, if you’re in Russia and looking for a safe “burner” phone, get an Inoi 101 for only 600 Rubles ($8.25). The only problem with it is availability, as it has been discontinued, so it won’t be around for long.

Most probably, this is a problem of brands trusting OEMs with the software and hardware, and the latter just maximizing their profits by incorporating all kinds of shady stuff in their products. After all, finding out about this hidden functionality from the user’s perspective is highly unlikely, as these “dumbphones” don’t offer the simple monitoring tools or ways that are available in smartphones.

The researcher also suggests that buying a feature phone from Nokia should be a safe choice, even if these cost up to four times more compared to the models he analyzed, as they have no malicious or hidden functionality.

REVIEW OVERVIEW

Latest

Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari