Amazon stops sales of BLU phones over “potential security issue” [UPDATE]

Advertisement

Following the revelation of shock findings from a security research firm at the Black Hat conference about the questionable firmware BLU uses from a vendor called Shanghai Adups, Amazon has told CNET that it has stopped sales of that company’s smartphones pending a “potential security issue.”

“Because security and privacy of our customers is of the utmost importance, all BLU phone models have been made unavailable for purchase on Amazon.com until the issue is resolved,” Amazon said in a statement.

Kryptowire researcher Ryan Johnson, who found that BLU phones were sending all sorts of data to Shanghai Adups servers in China last November, performed more testing and found the invasive software on other models, generally on the budget spectrum. Those budget phones have ranked very popularly on Amazon’s unlocked phones section. The firmware was also found to be vulnerable to malicious hackers and could be exploited to install apps on the device and wipe its data.

BLU and Shanghai Adups have defended the firmware, with the latter insisting that there have been security breaches. Adups has called Kryptowire’s latest presentation “slander” and has said that the same firm approved of revised firmware on the devices it had tested in November.

“We condemn the conduct of Kryptowire in the name of a third party company security protection to seeking commercial interests. At the same time, we will also retain the legitimate measures to resist Kryptowire for its malicious defamation behavior,” the company said in a statement.

Update: BLU also released a statement yesterday afternoon retreading its defense of the firmware from November. The company is criticizing media attention on Chinese servers and insists that only basic information is being collected — Johnson claims that the activity has been more vigorously concealed.

As of this weekend, Best Buy still displayed BLU phones as part of its in-store unlocked device showcase.

Update 2: BLU has commented on the Amazon sales stoppage. The statement reads in full:

Since Nov 2016 when the initial privacy concern was reported by Kryptowire, which BLU quickly remedied, Amazon has been aware of the Adups and other applications on our BLU devices which were deemed at the time by BLU, Amazon, and Kryptowire to pose no further security or privacy risk. Now almost a year later, the devices are still behaving in the same exact way, with standard and basic data collection that pose no security or privacy risk. There has been absolutely no new behavior or change in any of our devices to trigger any concern. We expect Amazon to understand this, and quickly reinstate our devices for sale.

Share This Post
Advertisement
What's your reaction?
Love It
17%
Like It
0%
Want It
0%
Had It
50%
Hated It
33%
About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.