A low budget consumer hardware espionage implant (2018)
(Published: 2017-11-11, Last update: 2018-01-07)

The following analysis was performed on an S8 data line locator which replied to the hidden SMS command for version query (*3646655*) with:

Ver=MTK6261M.T16.17.01.10 build=2017/01/10 17:33

A while back Joe Fitz tweeted about the S8 data line locator. He referred to it as “Trickle down espionage” because it is reminiscent of NSA spying equipment.
This is probably not an elaborate scheme to harvest phone numbers and send them to China, but rather the way the default manufactured SIM code was implemented, and it was never trimmed down to the needs of this device.

This is presumably the remote server which is contacted to turn the MCC, MNC, LAI and CID codes into street, city and country information, as well as the link to gpsui.net which forwards to Google Maps.

After publishing this write-up, Vangelis Stykas (@evstykas) found a bunch of insecure direct object reference (IDOR) vulnerabilities in gpsui.net, with authorization bypass through a user-controlled key, leading to horizontal escalation of privilege (one user can view/modify the information of all other 615,817 accounts).