October 29, 2014

Some Smartphones Come Preinstalled with Chinese Spyware

This week seems to be all about smartphones. Unfortunately, we have to report on more bad news. This time it’s about spyware that comes preinstalled on a number of Android smartphones, including models from Sony and HTC.

The Hacker News reported today that some users noticed a suspicious folder on their phone named Baidu (for those not aware, Baidu is sort of a Chinese Google). Users are unable to delete or otherwise modify the folder directly from the device, because it instantly recreates itself. While the folder is suspicious, what really concerned everyone were the pings made to a Chinese server in Beijing.

According to The Hacker News, with the help of that Baidu folder, the Chinese government can do the following:

  • Read status and identity of your device
  • Take pictures and videos without your knowledge
  • Get your exact location
  • Read the contents of your USB memory
  • Read or edit accounts
  • Change security settings
  • Completely manage your network access
  • Pair with Bluetooth devices
  • Know what apps you are using
  • Prevent your device from entering sleep mode
  • Change audio settings
  • Change system settings
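
The capabilities above read like the labels Android shows for app permissions. As an added example (not from the original article or The Hacker News), the following Python maps them to permission names and checks the text of an `adb shell dumpsys package` dump for the ones a package holds; the mapping, the sample dump and the package name `com.example.preloaded` are assumptions constructed for illustration.

```python
import re

# Assumption: article capability -> Android permission(s) with a matching label.
CAPABILITY_PERMS = {
    "device status and identity": ["READ_PHONE_STATE"],
    "pictures and videos": ["CAMERA"],
    "exact location": ["ACCESS_FINE_LOCATION"],
    "USB storage contents": ["READ_EXTERNAL_STORAGE"],
    "read or edit accounts": ["GET_ACCOUNTS", "MANAGE_ACCOUNTS"],
    "security settings": ["WRITE_SECURE_SETTINGS"],
    "network access": ["INTERNET", "CHANGE_NETWORK_STATE"],
    "Bluetooth pairing": ["BLUETOOTH_ADMIN"],
    "apps in use": ["GET_TASKS"],
    "prevent sleep": ["WAKE_LOCK"],
    "audio settings": ["MODIFY_AUDIO_SETTINGS"],
    "system settings": ["WRITE_SETTINGS"],
}
PERM_RE = re.compile(r"android\.permission\.([A-Z0-9_]+)")

def granted_permissions(dumpsys_text):
    """Permission names in the dump, minus any marked granted=false."""
    seen, denied = set(), set()
    for line in dumpsys_text.splitlines():
        m = PERM_RE.search(line)
        if m:
            seen.add(m.group(1))
            if "granted=false" in line:
                denied.add(m.group(1))
    return seen - denied

def audit(dumpsys_text):
    """Map each capability to the granted permissions that enable it."""
    held = granted_permissions(dumpsys_text)
    hits = {cap: [p for p in perms if p in held]
            for cap, perms in CAPABILITY_PERMS.items()}
    return {cap: perms for cap, perms in hits.items() if perms}

# Constructed sample in the style of `adb shell dumpsys package <name>`;
# the package name and its permissions are made up for illustration.
SAMPLE = """\
Package [com.example.preloaded] (41f0a2b8):
  userId=10057 gids=[3003, 1028]
  grantedPermissions:
    android.permission.READ_PHONE_STATE
    android.permission.ACCESS_FINE_LOCATION
    android.permission.INTERNET
    android.permission.WAKE_LOCK
    android.permission.VIBRATE
"""

if __name__ == "__main__":
    for cap, perms in audit(SAMPLE).items():
        print(f"{cap}: {', '.join(perms)}")
```

To audit a real package, save the output of `adb shell dumpsys package <package name>` to a file and pass its contents to `audit()`.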

This spyware was found mostly on Sony Xperia Z3 and Z3 Compact devices, as well as a few other Sony models. Some HTC users report that they also have the Baidu folder on their phones.

To prevent this service from connecting to the Chinese servers, you can take the following steps (credit: Xperia Blog):

  1. Back up anything you need, then factory reset the phone.
  2. Remove your SIM card before powering back up.
  3. Skip through the initial setup options without connecting to a network.
  4. Open up Settings > Apps > Running and Force Close the two myXperia apps.
  5. Use the File Commander app and delete the Baidu folder from the internal storage.
  6. Open up Settings > About Phone > Tap the Build Number 7 times to enable developer mode.
  7. Enable USB debugging in the Developer Settings.
  8. Plug the Z3/Z3c into your PC and open up a command window with adb.
  9. Enter the following lines into the command window:

adb shell
pm block com.sonymobile.mx.android


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
