BLU, a massive seller of unlocked smartphones based here in the US (Florida, to be exact), announced this morning that it encountered a large security threat for a number of its users. In total, the company claims that the threat associated with a “Wireless Update” 3rd-party application affects about 120,000 devices.
To sum up what was taking place, the application, which is intended to be used to update the OS on devices, was harvesting text messages, call logs, and contacts. As of right now, BLU states that the app has been “self-updated,” and the harvesting function has been terminated. Furthermore, and a bit on the scary side, the security firm that discovered this vulnerability, Kryptowire, claims that all of this harvested information was being sent over to a Chinese server.
The process of checking to see if your BLU phone is affected is quite simple. Settings > Apps > Show System > Wireless Update. If your version of Wireless Update is from 5.0.x to 5.3.x, contact BLU immediately. If your version doesn’t fall into that category, you are fine, according to BLU.
Below is a list of affected models.
- R1 HD
- Energy X Plus 2
- Studio Touch
- Advance 4.0 L2
- Neo XL
- Energy Diamond
Here is the message that BLU posted to its website.
BLU Products has identified and has quickly removed a recent security issue caused by a 3rd party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices.
Our customer’s privacy and security are of the upmost importance and priority.
The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.
As I mentioned, this app is used to update a smartphone’s OS, but due to this threat, BLU states it is now working with Google to utilize Google’s own OTA procedure and servers for future devices.