China has time and again been exposed for its malicious activities of spying on people, even outside its country. The United States government has banned a wide range of Chinese OEMs over reports of surveillance on the masses, as well as US investment in Chinese firms. India, too, has cracked down on several Chinese apps, including the popular PUBG Mobile. While it was a common notion that China only used smartphones and other advanced equipment for its malicious intent, a new report suggests China has no bounds when it comes to using electronic devices for its purpose.

A Russian security researcher named ValdikSS has revealed that push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 had been subscribing to premium SMS services unprompted. To go unnoticed, the malware in the phone intercepted incoming SMS messages.

To expose the malicious behaviour in the phones above, ValdikSS set up a local 2G base station to intercept the phones' communications. He said the devices secretly notified a remote internet server when activated for the first time. Shockingly, this process was automated even when there was no internet browser.

Feature phones riddled with malware

The security researcher found four out of five phones tested exhibited malicious behaviour. Here are the observations made by ValdikSS:

DEXP SD2810, despite not having an internet browser, sent data to a remote server, including IMEI and IMSI codes, without the user's knowledge. The phone sent SMS messages to premium numbers by retrieving the SMS number and SMS text from a remote server.

Itel it2160 was sending information such as IMEI code, country, model, firmware version, language, activation time and mobile base station ID.

Irbis SF63 acted similarly to the DEXP phone, notifying a remote server about the phone's sale and activation. It goes further: it registers online using the phone's number and executes commands from a remote server.

F+ Flip 3 sends SMS messages containing the phone's IMEI and IMSI codes to phone numbers that are hardcoded into the phone's firmware.

The security researcher found that the remote servers that received the data were located in China. But ValdikSS also noted that it wasn't clear if the code was added by the vendor or by third parties that supplied the firmware.
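
A check a tester could run over events captured at a local base station like the one described above, flagging traffic sent without user action and payloads carrying the phone's IMEI or IMSI. This is an added example, not ValdikSS's tooling; the event schema, the identifiers and the destinations are all constructed.

```python
import base64
from dataclasses import dataclass

@dataclass
class Event:
    """One outbound event logged at a test base station (hypothetical schema)."""
    kind: str             # "sms" or "data"
    dest: str             # SMS recipient or remote host
    payload: bytes        # SMS body or data payload
    user_initiated: bool  # tester's note: was the keypad touched?

def views(payload):
    """The payload as sent, plus hex- and base64-decoded forms when they parse."""
    out = [payload]
    for decode in (lambda p: bytes.fromhex(p.decode("ascii")),
                   lambda p: base64.b64decode(p, validate=True)):
        try:
            out.append(decode(payload))
        except ValueError:  # also covers UnicodeDecodeError and binascii.Error
            pass
    return out

def findings(events, imei, imsi):
    """Return (event index, reason) pairs: unprompted traffic and identifier leaks."""
    out = []
    for i, ev in enumerate(events):
        if not ev.user_initiated:
            out.append((i, f"unprompted {ev.kind} to {ev.dest}"))
        seen = views(ev.payload)
        for name, ident in (("IMEI", imei.encode()), ("IMSI", imsi.encode())):
            if any(ident in v for v in seen):
                out.append((i, f"{name} sent to {ev.dest}"))
    return out

# Constructed sample data: example IMEI, test-network IMSI, placeholder destinations.
IMEI, IMSI = "490154203237518", "001010123456789"
SAMPLE = [
    Event("data", "server.example", b"imei=490154203237518&imsi=001010123456789", False),
    Event("sms", "0000", IMEI.encode().hex().encode(), False),  # hex-encoded IMEI
    Event("sms", "+10000000000", b"hello", True),               # ordinary user SMS
]

if __name__ == "__main__":
    for idx, reason in findings(SAMPLE, IMEI, IMSI):
        print(idx, reason)
```

Identifiers that are encrypted or embedded at an offset inside a larger encoded blob will not match; the unprompted-traffic flag still fires for those events.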