The latest Nook e-reader sold by Barnes & Noble has been found to contain a particular spyware program called ADUPS, which silently forwards a user’s data to an unknown third party.
The Chief Digital Officer from the bookstore franchise, Fred Argir, affirmed the company had already addressed the issue, and that they are currently working on a software update that will delete ADUPS from all e-readers.
A November report from Brian Krebs revealed the ADUPS software was the work of a Chinese company from Shanghai, whose recent clients include ZTE, BLU, Huawei, and retailers such as Amazon and BestBuy.
The ADUPS software is allegedly capable of siphoning text messages and phone records, analyze them, send them to the owner of the virus, and even install and remove software from host devices. Antivirus apps do not detect ADUPS because it is a part of the phone’s pre-loaded internal content.
Barnes & Noble has denied the ‘spyware’ claims
Recent online reports reveal the company who designed ADUPS later pushed out an updated version that they claim does not gather user data. They did so in response to backlash drawn from the discovery of their software.
The Nook 7, according to reviewers, features an older version of ADUPS that still transmits private data to Chinese servers, but Barnes & Noble disputes these claims, affirming the tablet updates ADUPS automatically when connected to WiFi.
The latest version of the spyware (5.5), is in total compliance with “Google’s security requirements,” says Argir.
“ADUPS has confirmed to Barnes & Noble that it never collected any personally identifiable or location data from Nook 7 devices nor will it do so in the future,” he added.
What is ADUPS-BLU?
First reports of the spyware came from security researcher Kryptowire, which discovered ADUPS while taking apart a BLU R1 HD that he owned. The software uploaded everything on his phone and SMS app, including IP addresses, without his knowledge or consent.
The Nook 7 tablet is currently one of the most affordable e-readers in the market selling for only $50. Brian Krebs remarked that this kind of devices are the most probable to contain ADUPS, given that a cheap price tag means more buyers and more private.
ADUPS has an official website in which they identify themselves as a FOTA (Firmware Over The Air) company that aims to provide “end-to-end device management and software solutions to leading firms that rely on fast, secure, robust connected services around the world.”
Source: iTech Post