Discovered that Motorola collects personal information from its smartphone

ByTruthout.org

System engineer Ben Lincoln was using Motorola Droid X2 sold by Motorola, and discovered that privacy data from Droid X 2 is secretly being sent to Motorola.

Motorola Is Listening - Projects - Beneath the Waves
http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html

Motorola Droid X 2, unlike regular Motorola smartphonesBlur / MotoBlur user interfaceAnd the producer has not made any changes to the OSStockAndroidIt was a type of smartphone close to. This is the big reason why Lincoln purchased Motorola Droid X2.

ByEatsmilesleep

One day, Lincoln was using his own Droid X2 while workingMicrosoft Exchange ActiveSyncWhen I was testing about.Penetration testRunning checking history from a proxy called Burp Suite Professional, I discovered that HTTP connections to ws-cloud112-blur.svcmot.com are frequently repeated.

Lincoln found out that svcmot.com is the domain used by Motorola and also discovered every time that the connection to Motorola updates Microsoft Exchange ActiveSync's configuration. For traffic information that was being sent to Motolora from a URL containing HTTP,DNS name of ActiveSync server·Domain name and user ID·E-mail address registered in ActiveSync account · Name of network connectionWas included. Also, it is not a frequent connection, but I have also found out that various other information is being sent to Motorola.


Lincoln worried about what kind of information is being sent to Motorola, setting up accounts such as e-mail, ActiveSync, SNS, etc., to test which information is leaked and to try to verify .

As a result of the test, I registered for accounts such as Facebook · Twittermail addressWhenpasswordHe was sent to Motorola. Facebook and Twitter judge that transmission of data as described above is unnecessaryOAuthAlthough it supports an open protocol called Motorola, it does not use protocols with advanced security like OAuth. Also, because connections to Facebook and Twitter are mostly done via Motorola's system from HTTP URL, Motolora,Friends who are registered on Facebook · Contents of posts you are writing or reading · Images you are viewingIt is all you can check the information. The image below clearly shows that Facebook's registered e-mail address, password, friend information is sent to Motorola's server, not Facebook.



YouTube, Photobucket, Picasa are registered like Facebook, etc.E-mail address / passwordWas sent to Motorola.


As information on Exchange Active Sync, domain name, user name, e-mail address, connected name etc. were leaked to Motorola from the URL including HTTP.

Also, regarding Yahoo! Mail, I could confirm that the e-mail address has been sent to Motorola, but he said that no account password was leaked.

On the other hand, there is an interesting result that the information on the Gmail account sent to Motorola is zero. However, when you create an account such as YouTube, Gmail account information will be sent to Motorola from there, so be careful. Lincoln has been testing YouTube's account, a warning mail from Gmail that I tried to log in as someone tried to log in to Gmail's account, has arrived from Gmail, and the unauthorized source IP listed in the email Examining the address, I know that it was a connection from Motorola.


In addition to the data listed above, Lincoln's investigation found that information on shortcut icons and widgets installed on the home screen of the smartphone was sent to Motorola every two to three minutes .

Lincoln sought his own Motorola Droid X 2 in June 2013, so we do not know if Motorola is collecting information from other models as well. However, considering replacing this one with a PC, it is impossible to imagine a program modified on the purchased PC to extract data including privacy without omission by the owner by default "Said Lincoln.

In Japan, from au "MOTOROLA PHOTON ISW 11 M"MOTOROLA RAZR IS 12 M"From SOFTBANK MOBILE Corp.MOTOROLA RAZR M 201 M"Has been released.