Many cheap push-button phones found to have malware pre-installed by manufacturers

Often, users regard push-button phones as much safer devices than smartphones.

Such cell phones run proprietary software and offer an extremely modest set of functions and interfaces, so it is more difficult to infect them with a virus. However, a researcher with the nickname ValdikSS on Habr conducted a study in which he found that “dialers” often come with preinstalled malware.

The researcher decided to test five quite different mobile phones.

The devices are from different manufacturers and are based on different platforms. All tested phones are available on the Russian market. They are the Inoi 101, based on the RDA826 chipset and priced at 600 rubles; the DEXP SD2810 with the SC6531E chip, priced at 699 rubles; the Itel it2160, based on the MT6261, which can be purchased in Russian retail for 799 rubles; the Irbis SF63 with the SC6531DA chipset, which is offered for 750 rubles; and the F+ Flip 3 on the same chipset, whose price reaches 1,499 rubles. As it turned out, only one of the devices did not come with malicious software preinstalled.

The researcher tested all the devices he purchased with the help of professional equipment and specialized software. Ironically, the most affordable phone turned out to be “clean”. The Inoi 101 does not contain malicious functions and does not cause its owner trouble by sending paid messages.

The situation with the rest of the tested phones is much worse. The Itel it2160 reports its sale over the Internet without informing the user. The phone transmits data such as the IMEI, the country where the phone is activated, the device model, firmware version, language used, activation time and base station ID. The F+ Flip 3, in turn, is not able to connect to the Internet, but it reports the sale via SMS, sending the IMEI and IMSI.


The DEXP SD2810 is particularly hazardous to users. Although the device does not contain a browser, it connects to the Internet via GPRS and reports the sale without warning. The phone transmits the IMEI and IMSI, sends paid SMS to short numbers and executes commands from a dubious server, received in response to these SMS. And all this right out of the box! The modest-looking Irbis SF63 has a similar set of malicious functions. The phone reports the sale over the Internet, transmits encrypted data to a dubious server and executes the commands received from it. There have been cases where “dialers” stole a phone number to register accounts on social networks.



The researcher claims that the brands under which the phones are sold are primarily to blame for this situation. They often order software and hardware development from OEMs. The OEMs, in turn, are willing to build dubious functions into the device for additional payment from a third party. Unfortunately, regulators don’t care about phone software. The ministry only checks product certification for compliance with international and Russian communication standards.


The only way to be safe when buying a push-button phone is to purchase a device from a global brand. Nokia phones, for example, do not contain malware, but their price is often 2-4 times that of a phone like the DEXP.