Barnes & Noble started outsourcing its Nook e-readers just a few years in the past after a partnership with Samsung and their newest $50 Nook 7 android pill, introduced final month, reveals us how that has labored out for them.
Their newest e-reader contains ADUPS, a firmware that sends consumer knowledge again to the producer or an hacker. This is similar malware that researchers discovered on low cost Blu tablets and telephones final month.
The producer claims to have patched the malware in present merchandise however it appears the brand new B&N Nooks are nonetheless operating the outdated software program. ADUPS permits for full knowledge entry on the machine and command and management privileges together with distant software program set up and automated updates with out use permission.
How dangerous is it?
These gadgets actively transmitted consumer and machine info together with the full-body of textual content messages, contact lists, name historical past with full phone numbers, distinctive machine identifiers together with the Worldwide Cellular Subscriber Id (IMSI) and the Worldwide Cellular Gear Id (IMEI). The firmware may goal particular customers and textual content messages matching remotely outlined key phrases. The firmware additionally collected and transmitted details about using functions put in on the monitored machine, bypassed the Android permission mannequin, executed distant instructions with escalated (system) privileges, and was in a position to remotely reprogram the gadgets… The firmware that shipped with the cellular gadgets and subsequent updates allowed for the distant set up of functions with out the customers’ consent and, in some variations of the software program, the transmission of fine-grained machine location info.
The Digital Reader is recommending that customers return their Nooks and notes that B&N has a vacation return coverage that allows you to ship objects again till January 31.
NOOK Pill 7” went on sale on November 26. By that point, the machine robotically up to date to a more moderen model of ADUPS (5.5), which has been licensed as complying with Google’s safety necessities, when first linked to Wi-Fi. ADUPS has confirmed to Barnes & Noble that it by no means collected any personally identifiable info or location knowledge from NOOK Pill 7” gadgets, nor will it accomplish that sooner or later.
Lastly, we’re engaged on a software program replace to take away ADUPS fully from the NOOK Pill 7”. That replace can be made accessible to obtain inside the subsequent few weeks, however within the meantime prospects can relaxation assured that the machine is protected to make use of.
Fred Argir, Chief Digital Officer