These Russian “Dumbphones” Come Pre-Loaded With Malware

• Most Russian dumbphones will declare their purchase by a new owner and will engage in malicious functionality.
• In some cases, they engage in encrypted communications and information exchange with unknown servers.
• There is one model that was deemed to be safe, but generally, buying a Nokia “burner” phone is the best approach.

A Russian researcher has looked into some popular feature phones (“dumbphones”) selling in large numbers in the country and has found out that most of them come with unwanted and undocumented functionality. These are cheap phones that are widely used as “burner” devices in Russia, where the police are keen to seize devices and scrutinize them for incriminating data. Still, as the researcher proves through his work, these inexpensive phones come with their own perils.

The devices that were tested were the following:

• Inoi 101 (RDA8826/SC6533, 600₽)
• DEXP SD2810 (SC6531E, 699₽)
• Itel it2160 (MT6261, 799₽)
• Irbis SF63 (SC6531DA, 750₽)
• F+ Flip 3 (SC6531DA, 1499₽)

The worst of them was determined to be the DEXP SD2810, which connected to the internet via GPRS on its own and without displaying an indication about it, transmits the IMEI and IMSI data to an unknown location, sends paid SMS to short numbers, and also receives and executes commands from an unknown server in response to these messages. Notably, the device doesn’t even feature a web browser, but this doesn’t stop it from doing all the above.

Another nasty case is that of the Irbis SF63, which also executes commands received from an unknown server, while all communications between it and the server are encrypted, so they can’t be evaluated. The SF63 also sends all incoming SMS messages to the third party, a pretty alarming thing to be going on. In all cases except one, the devices inform about their sale to a new owner via the internet, so the shady operation can begin.

The only “clean” one that was determined to be safe to use was the Inoi 101 - which, by the way, is the only device that is not using an ARM-based chip, and its connectivity is limited to 2G (the other two support up to 4G). So, if you’re in Russia and looking for a safe “burner” phone, get an Inoi 101 for only 600 Rubles ($8.25). The only problem with it is availability, as it has been discontinued, so it won’t be around for long.

Most probably, this is a problem of brands trusting OEMs with the software and hardware, and the latter just maximizing their profits by incorporating all kinds of shady stuff in their products. After all, finding out about this hidden functionality from the user’s perspective is highly unlikely, as these “dumbphones” don’t offer the simple monitoring tools or ways that are available in smartphones.

The researcher also suggests that buying a feature phone from Nokia should be a safe choice, even if these cost up to four times more compared to the models he analyzed, as they have no malicious or hidden functionality.