Barnes & Noble's ongoing efforts to outsource as much of its Nook platform as possible has just come back to haunt it.
The latest tablet from Barnes & Noble, the newly-released $49 BNTV450, has been found to include ADUPS. In the aftermath of the BLU data theft, ADUPS hostile data collection and control over Android may (or may not) be temporarily quelled, but harmful capability remains with the ADUPS agent. Devices running ADUPS should be considered under malicious control, and they should not be used with sensitive data of any kind.
This is the same malware which was discovered in Blu brand and other cheap smartphones last month, and it is a nasty customer.
It's a piece of spyware which sends all sorts of data back to ADUPS servers in China. Just consider it a data colostomy:
These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices… The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information.
To be fair to ADUPS, they insist that they have cleaned up their act since last month. They say they pushed out a new version of their malware which no longer spies on users.
I don't know if that is true but it doesn't matter for owners of the new Nook Android tablet. Linux Journal made it clear that the version of ADUPS they found on the new Nook tablet is an older version which
harvests users organs and sells them on the black market which does transmit user data to China.
If you have one of these tablets, I strongly urge you to return it.
Fortunately, B&N has a holidays return policy which states that customers have until 31 January to return most merchandise (including Nook devices) purchased between 14 November and 31 December.
So if you have that new tablet, and you still have the box and receipt, you can get a full refund.
Barnes & Noble was contacted for comment, but has yet to respond. I will update this post with their statement when it arrives.