Major privacy breach discovered on Motorola phones

[SEMIJim]

Or "Reason #1 I don't own a 'smart' phone"

This just arrived as item #1 in a security exploits/vulnerabilities newsletter I receive by email.

Description: An independent security researcher published proof this week that Motorola phones with the Blur service installed are sending a myriad of credentials and private information silently to Motorola servers, as well as communicating via a modified version of the Jabber protocol in a format reminiscent of botnet command-and-control. The disclosure - which featured packet captures, screen shots, and a full analysis of all of the data being sent - includes reproduction instructions for anyone concerned about their Motorola phone behaving in a similar manner. Impacted phone owners appear to have little recourse at this time, as the service responsible for this information disclosure cannot be removed without rooting the phone and installing a stock version of Android.
Reference:
Motorola Is Listening - Projects - Beneath the Waves

I keep an encrypted key ring on my old Palm Centro phone. (I'm not required to have a data plan on Sprint with that phone.) Everything is in that keyring. Every login credential for every private and business account I have, as well as CC info, PINs, family SSNs and DL numbers, you name it, is in that keyring.

Put it on a "smart" phone? I don't think so.

Jim

 

[vampirefo.]

I am not familiar with Motorola devices, but it appears from the story this can be fixed easy enough via rooting device and removing or disabling service. people using such devices can choose to leave service running or disable it. I am not for sure from story what the purpose of the service is.
Most likely will have to wait for Motorola to post their side of the story.

 

[vampirefo.]

The more I read the more I believe this person is living in his own world, I honestly don't believe the article, while a ring of truth is here and there the authors imagination is getting the best of him.