• NO Processing Fee, No Diagnosis Fee, NO Data No Charge
20 Feb

Chinese Spyware Pre-Installed on All Samsung Phones (& Tablets)

Chinese Spyware Pre-Installed on All Samsung Phones (& Tablets)

The reddit user throws light on the Samsung’s involvement with Qihoo 360,

I know the title is rather sensational, however it couldn’t get any closer to the truth.

For those who are too busy to read the whole post, here’s the TL;DR version: The storage scanner in the Device Care section is made by a super shady Chinese data-mining/antivirus company called Qihoo 360. It comes pre-installed on your Samsung phone or tablet, communicates with Chinese servers, and you CANNOT REMOVE it (unless using ADB or other means).

This is by no means signaling hate toward Samsung. I have ordered the Galaxy S10+ once it’s available in my region and I’m very happy with it. I have been a long time lurker on r/samsung and r/galaxys10 reading tips and tricks about my phone. However, I want to detail my point of view on this situation.

For those who don’t know, there’s a Device Care function in Settings. For me, it’s very useful for optimizing my battery usage and I believe most users have a positive feedback about this addition that Samsung has put in our devices. With that being said, I want to go into details regarding the storage cleaner inside Device Care.

If you go inside the Storage section of Device Care, you’ll see a very tiny printed line “powered by 360”. Those in the west may not be familiar with this company, but it’s a very shady company from China that has utilized many dirty tricks to attempt getting a larger market share. Its antivirus (for PC) is so notorious that it has garnered a meme status in China, Hong Kong, Taiwan and other Chinese speaking countries’ Internet communities. For example, 360 Antivirus on PC would ACTIVELY search for and mark other competitors’ products as a threat and remove them. Others include force installation of 360’s browser bars, using misleading advertisements (e.g. those ‘YOUR DEVICE HAS 2 VIRUSES, DOWNLOAD OUR APP TO SCAN NOW’ ads). These tactics has even got the attention of the Chinese government, and several court cases has already been opened in China to address 360’s terrible business deeds. (On the Chinese version of Wikipedia you can read further about the long list of their terrible misconducts, but there’s already many on its English Wikipedia page: https://en.wikipedia.org/wiki/Qihoo_360).

If the company’s ethics are not troublesome enough, let me introduce you to the ‘Spyware’ allegation I made in the title. A news report from the Chinese government’s mouthpiece ChinaDaily back in 2017 reveals 360’s plan to partner up with the government to provide more big data insights. In another Taiwanese news report back in 2014, 360’s executive even admits that 360 would hand the data over to the Chinese government whenever he is asked to in an interview (https://www.ithome.com.tw/news/89998). The Storage scanner on your phone have full access to all your personal data (since it’s part of the system), and by Chinese laws and regulations, would send these data to the government when required.

With that in mind, for those who know intermediate computer networking, I setup a testing environment on my laptop with Wireshark trying to capture the packets and see what domains my phone are talking to. I head over to Device Care’s storage section and tapped update database (this manual update function seems to be missing from One UI 2.0), and voila, I immediately saw my phone communicating to many Chinese servers (including 360 [dot] cn, wshifen [dot] com). I have collected the packets and import them into NetworkMiner, here’s the screenshot of the domains: https://imgur.com/EtfInqv. Unfortunately I wasn’t able to parse what exactly was transferred to the servers, since it would require me to do a man in a middle attack on my phone which required root access (and rooting seemed to be impossible on my Snapdragon variant). If you have a deeper knowledge about how to parse the encrypted packets, please let me know.

Some may say that it’s paranoia, but please think about it. Being the digital dictatorship that is the Chinese government, it can force 360 to push an update to the storage scanner and scan for files that are against their sentiment, marking these users on their “Big Data platform”, and then swiftly remove all traces through another update. OnePlus has already done something similar by pushing a sketchy Clipboard Capturer to beta versions of Oxygen OS (which compared clipboard contents to a ‘badword’ list), and just call it a mistake later. Since it’s close source, we may really know what’s being transmitted to the said servers. Maybe it was simply contacting the servers for updates and sending none of our personal data, but this may change anytime (considering 360’s notorious history).

I discovered that the Device Care could not even be disabled in Settings. I went ahead and bought an app called PD MDM (not available on Play Store) and it can disable builtin packages without root (by abusing Samsung’s Knox mechanism, I assume). However I suffered a great battery performance loss by disabling the package, since the battery optimizer is also disabled too.

After a bit of digging, the storage cleaning in Device Care seemed to be present for a long time, but I’m not sure since which version of Android. It previously seemed to be handled by another sketchy Chinese company called JinShan (but that’s another story), but got replaced by 360 recently.

Personally, I’m extremely disappointed in Samsung’s business decision. I didn’t know about 360 software’s presence on my phone until I bought it, and no information was ever mentioned about 360 in the initial Setup screen. I could have opted for a OnePlus or Xiaomi with the same specs and spending much less money, but I chose Samsung for its premium build quality, and of course, less involvement from the Chinese government. We, as consumers, paid a premium on our devices, but why are we exposed to the same privacy threats rampant on Chinese phone brands? I get it that Samsung somehow has to monetize their devices with partnerships, but please, partner with a much more reputable company. Even Chinese’s Internet users show a great distrust about the Qihoo 360 company, how can we trust this shady and sketchy company’s software running on our devices?

This is not about politics, and for those who say ‘USA is doing the same, why aren’t you triggered?’, I want to clarify that, no, if the same type of behavior is observed on USA companies, I will be equally upset. As for those who have the “nothing to hide” mentality, you can buy a Chinese phone brand anytime you like. That is your choice. We choose Samsung because we believe it stand by its values, but this is a clear violation of this kind of trust.

If you share the same concern, please, let our voices be heard by Samsung. I love Reddit and I believe it’s a great way to get the community’s attention about this issue. Our personal data is at great risk.
To Samsung, if you’re reading this, please 1.) Partner with an entirely different company or 2.) At least make the Storage scanner optional for us. We really like your devices, please give us a reason to continue buying them.

Temporary Solution and Concern to note also.

Just in case in all the apps you’ve downloaded you spot ads , please note  also the developers of those apps are sharing and selling your data as part of adverts, nothing personal so to speak but those terms and conditions we all ignore to read before installing or are made difficult to locate where the links are. This is what screws everyone for ignoring them. Please read and know what you are bound to or about to give conceit for them to access.

The authorized system tracks or monitor your browser history, apps, the  music you listen or even stuff you normally buy on Amazon, eBay or even in google and to make matters worse triangulate your location. Well this is the future of A.I for big data being sold shared and sold out by the giants.

Solution: As a temporary solution, change all your settings for your apps, clear your browser’s history, daily clean all your cache’s out, delete apps you don’t use or need. Please read the terms before installing. This will minimize your exposure.

Contact us now:

Call now 0711 051 000. We are the Data recovery Experts in Kenya and Africa.  We also do digital forensics.
Do not Suffer in Silence we can help.  We are located at Chiromo Court 3rd floor Nairobi Kenya.

 

This blog is Courtesy of Reddit.com

Share this
04 Dec

Cyber Criminals Are Using YouTube To Install Cryptojacking Malware

Cyber Criminals Are Using YouTube To Install Cryptojacking Malware

 At East African Data Handlers we have discovered that the  Slovakian software security firm Eset  uncovered that cyber criminals  are behind Cryptojacking Malware, the Stantinko botnet which has been distributed as a Monero (XMR) cryptocurrency mining module via Youtube.

We wish to warn the public to be careful. Further research indicate that, On Nov. 26, the major antivirus software supplier Eset reported that the Stantinko botnet operators have expanded their criminal reach from click fraud, ad injection, social network fraud and password stealing attacks, into installing Cryptojacking Malware on victims’ devices using Youtube.

Stantinko botnet has been active since at least 2012

The Stantinko botnet, which has been active since at least 2012 and predominantly targets users in Russia, Ukraine, Belarus and Kazakhstan, reportedly uses YouTube channels to distribute its Cryptojacking Malware module, which mines the privacy-focused crypto coin Monero on the CPUs of unsuspecting victims.

This cryptocurrency-stealing malware has reportedly infected around 500,000 devices, and is similar to the recently discovered malicious malware, Dexphot, malware discovered by Microsoft that has already infected more than 80,000 computers.

These crypto-hijacking codes steal processing resources, take over legitimate system processes and disguise the nefarious activity with the ultimate goal of running a crypto miner on the infected devices.

Eset informed YouTube, which reportedly responded by removing all the channels that contained traces of Stantinko’s code.

Malware on Monero’s official website was stealing crypto

In November, Monero’s core development team said that the software available for download on Monero’s official website might have been compromised to steal cryptocurrency. A professional investigator going by the name of Serhack confirmed that the software distributed after the server was compromised was indeed malicious:

“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”

 Be warned of this trend that  is now slowly coming to Africa. 

Courtesy of https://cointelegraph.com/

NEED HELP?

We are proud to provide you with full Data Recovery Service and Malware investigation services coverage to any part of Kenya; NairobiMombasaKisumu, Eldoret. Data Loss is only temporary and we prove it every day with the highest Hard Drive Recovery Success rate in Kenya. We Recover Data in Kenya from the Following Devices; Hard DrivesLaptopsDesktopsRaid SystemsRAID / NAS / SAN , ServersMemory Cards, Flash Drives, DatabasesSSD Drives etc

East African Data Handlers ltd no data – no charge policy means you owe us nothing if we are unable to recover your critical files.

Contact us now

If you’ve lost valuable, irreplaceable data — We can save it! Call us now at 0711 051 000 or visit our offices Chiromo Court 3rd Floor Westlands

Share this
27 Jan

What causes your computer to lose files?

What causes your computer to lose files?

As you use your computer, beware that you can lose your files at any time. Here are some situations and things that may cause you to lose your file:

Human error:

As a human being, you are bound to make a few mistakes here and there. One way this can occur is through accidental erasure. For example, let’s say you are working on a certain document and you accidentally hit the delete button. When a dialog box appears, you just click ‘OK’ and continue. You may have not noticed but probably you might have deleted a certain folder. It was done mistakenly and you probably did not know what was going on. Such situations happen and in this way you may end up losing your files.
Another way human beings can cause loss of files on your computer is by allowing other people to use your machine without access. They may come and delete some of your files, either deliberately or accidentally.

Viruses:

Viruses are programs written to bring about corruption of files, especially files stored in storage devices like hard disks and USB flash disks. Viruses can be gotten from the internet i.e. by accessing certain sites (especially porn sites), downloading certain free software, email attachments and also from external storage devices that are introduced to your computer . The virus will infect your computer files and thus will become corrupted. This is why in most cases when you look for certain files, they cannot be accessed. They are in a corruptible form. The worst part about computer viruses is that, like their medical counterparts, they replicate to infect many files.

This is one of the reasons why when purchasing a new computer , it is recommended to install anti-virus software to protect your computer against viruses.

Contact us now

If you’ve lost valuable, irreplaceable data  — We can save it! Call us now at +254 711 051 000 or visit our offices Chiromo Court 3rd Floor Westlands, Kenya. Best of it, we have distributed offices all over East Africa and can easily get your device brought to us from anywhere in East Africa.

Also  we have other services in data recovery for various  devices; Hard Drives, Laptops, Desktops, Raid SystemsRAID / NAS / SAN , Servers, Memory Cards, Flash Drives, Databases, SSD Drives etc

East African Data Handlers ltd  no data – no charge policy means you owe us nothing if we are unable to recover your critical files.

Share this
13 Jan

Computer Forensics Kenya Training

Gain knowledge in Computer Forensics Kenya Training

Did you  know that we offer Computer Forensics Kenya Training in IT security and Digital  Forensics. Well this is not a new area of study.  At East African Data Handlers we are please to announce that we do offer this course:

Some of the areas that we tackle in the training are for those searching for ( Ethical hacking training , Cyber security training

Also during the training you will be introduced to our services  of data recovery and how they relate to our work as a value added service offered by East African Data Handlers.

Our stretch of other services include

The following Devices; Hard Drives, Laptops, Desktops, Raid SystemsRAID / NAS / SAN , Servers, Memory Cards, Flash Drives, Databases, SSD Drives etc

East African Data Handlers ltd no data – no charge policy means you owe us nothing if we are unable to recover your critical files.

Contact us now

If you’ve lost valuable, irreplaceable data  in Ethiopia — We can save it! Call us now at +254 711 051 000 or visit our offices Chiromo Court 3rd Floor Westlands, Kenya but have distributed offices all over East Africa.

Share this
02 Jul

How to identify Hard Drive failure

What would you do if your hard drive crashed and you lost a lifetime’s worth of photos, videos, and memories – not to mention important work files, family recipes, and other irreplaceable information. Many of us would be distraught, and understandably so. Fortunately, there are ways to tell if your hard drive is about to crash, so you can avoid a life-ruining tech emergency!

First, why do hard drives fail? They are one of the few mechanical parts still used in modern computing, and as such are destined to fail eventually. A few of the common causes of hard drive failure include:

read more
Share this

© 2015  East African Data Handlers. All rights reserved.