Security experts have uncovered that the new Nook 7 tablet offered by Barnes & Noble deliver malware to their owners.
The B&N Nook 7 Tablet Delivers Malware
Barnes & Noble recently presented a new affordable Android device called the Nook 7 Tablet. The device was unveiled last month as a cheap alternative to many competitive products and is probably going to be offered to many potential customers as a holiday gift.
Unfortunately potential and current owners should be very careful as security researchers identified that the devices contain the ADUPS malicious firmware.
This is a dangerous piece of software which actively transmits user data, allows remote operators to access the device and execute arbitrary commands. Other possible actions include remote software installation and the application of automatic updates without user consent.
According to the security analysis the device that are affected by the ADUPS firmware transmit user and device data including the full contents of text messages, contact lists, call history, unique device identifiers (including IMSI and IMEI). The malicious firmware can target specific users and harvest messages that contain predefined keywords. In addition to that it can also collect and transmit data about the installed apps on the host device, bypass the permission model used by Android and execute various commands with root privileges.
The device itself is a rebranded Chinese tablet that runs the Android 6.0 Marshmallow operating system and features a 1.3 GHz MediaTek CPU. Various Nook apps come preinstalled and it has the usual specs for a low-end device: 8 GB internal storage, a microSD slot for memory expansion and WiFi and Bluetooth connectivity. Its 7-inch screen has a resolution of 600×1024 pixels. The front camera has a resolution of 2 MP while the front one is a 5 MP one.
The ADUPS firmware was discovered on a variety of low-priced Chinese devices that are popular on various online retailers around the world. Several security experts and online media suggest that the customers should return their devices if they are concerned about their security and privacy. Journalists have reached out to B&N but there is still no response from the company.
B&N Updated The Nook Tablets to Fix The Issue
Following the large media attention that B&N received about the security vulnerability, they have stated that the developers are working on a update. The new software will remove the Adups firmware from the devices. The Chief Digital Officer (CDO) Fred Argir said the followng:
NOOK Tablet 7” went on sale on November 26. By that time, the device automatically updated to a newer version of ADUPS (5.5), which has been certified as complying with Google’s security requirements, when first connected to Wi-Fi. ADUPS has confirmed to Barnes & Noble that it never collected any personally identifiable information or location data from NOOK Tablet 7” devices, nor will it do so in the future.
Finally, we are working on a software update to remove ADUPS completely from the NOOK Tablet 7”. That update will be made available to download within the next few weeks, but in the meantime customers can rest assured that the device is safe to use.
For more information on the malicious software which is also known as Kryptowire you can read our story here.