Hot on the heels of the discovery that Adups software was collecting user information, a new flaw has been discovered in Chinese budget phones.
Last week it was Adups. This week it is Ragentek. Ragentek is an over-the-air update software used in numerous Chinese budget android phones. There is a problem with this software though. The problem is that this software works via an unencrypted channel.
Files are transferred in plain text, which leaves the user vulnerable to man-in-the-middle attacks, and allows attackers to easily execute remote attacks on susceptible phones. Furthermore, the Ragentek software attempts to hide itself from the android OS. This has led the Carnegie-Mellon computer emergency response team to identify the software as a rootkit.
This software is suspected to leave around three million devices vulnerable to attack.
Some of the phone makers which utilize this software are BLU, DOOGEE, LEAGOO and XOLO. Being affected by both Adups and Ragentek, BLU appears to be having a rough month.