Hacking, Vulnerability

Sony Xperia Devices Reportedly Containing ‘Baidu’ Spyware

1424

If you are currently a Sony Xperia handset owner than it is probably wise to listen up. Reports are coming in from several forums that some Xperia handsets seem to contain the Baidu spyware.In particular the problem seems to persist on KitKat running devices. If you do own a Sony Xperia device and running either the Android 4.4.2 or 4.4.4 KitKat firmware then you are probably at the most risk of the spyware. Thankfully this is a spyware you can check to see if you have. The folder is aptly named ‘Baidu’ and if you see it then you have the spyware. It seems at present there is also no way of deleting the folder. It appears to be created by Sonys ‘my Xperia’ service each time a connection is made and is reported to be sending pings to China, as you can see in the images below. There is no further information known on what these pings are transmitting but nevertheless they do seem to be transmitting.

As mentioned the actual folder does not seem to be able to be removed regardless of what is tried. Users have reported deleting the folder and it instantly reappears as well as unticking the folder from device administrator equally seems to do nothing. Sony are aware of the situation but do not seem to be able to do anything as it is built into the current firmware. As such the only real information Sony could provide is that the spyware will be removed in future firmware updates.

MYSTERIOUS BAIDU SPYWARE
About a month ago, a group of community users of Sony smartphone detected the presence of a strange folder, named “Baidu”, mysteriously appeared from among those present in various versions of Android for these handsets.
The creepy part is that the folder is created automatically without the owners permission and there is no way of deleting it. Even if someone tries to remove it, it instantly reappears as well as unticking the folder from device administrator equally seems to do nothing, neither does starting the phone in Safe Mode.
Just unpacked my Sony Z3 compact, haven’t installed a single app and its connecting to China. I am not so concerned about the folder itself but my phone now has a constant connection to an IP address in Beijing which I am not too happy about.” Reddit user commented.
The Baidu folder appears to be created by Sony’s ‘my Xperia’ service each time a connection is made and is reported to be sending pings to China. There is no further information known on what these pings are transmitting but nevertheless they do seem to be transmitting.
PERSONAL INFORMATION SEND TO CHINA
Going deep, several users reported they found that the Chinese government is able to detect the status and identity of the device, take pictures and make videos without the consent of the user. A user, going by the handle Elbird, posted on Sony Forums that with the help of Baidu folder, the Chinese Government can:
  • Read status and identity of your device
  • Make pictures and videos without your knowledge
  • Get your exact location
  • Read the contents of your USB memory
  • Read or edit accounts
  • Change security settings
  • Completely manage your network access
  • Couple with bluetooth devices
  • Know what apps you are using
  • Prevent your device from entering sleep mode
  • Change audio settings
  • Change system settings
AFFECTED PRODUCTS
Chinese-data

Thankfully this is a spyware and you can check to see if you have or not. If you see the folder named Baidu in your device then your device contains the spyware. But, for users it isn’t the folder which seems to be the real cause for concern, though; it’s the fact that the phones open a connection to servers.

According to the reports affected devices include the new Sony Xperia Z3 and Z3 Compact, and several users from the Reddit community have also reported about the presence of this folder on their mobile phones, too — and not necessarily phones made by Sony. One owns an HTC One M7, another an HTC One X, a few others the OnePlus One.
STEPS TO DISABLE BAIDU SPYWARE
  1. Backup your important data and factory reset the device.
  2. Turn on the device and go to Settings -> Apps -> Running and Force stop both “MyXperia” apps.
  3. Then remove the baidu folder using File Kommander app.
  4. Go to Settings -> About Phone -> Click 7 times on the Build Number to enable developer mode.
  5. Download or Install the Android SDK on your computer and then connect the Sony device to it using USB cable.
  6. Run the adb tool terminal : adb shell 
  7. In adb shell, type the command: pm block com.sonymobile.mx.android
  8. Exit adb shell
  9. Reboot the device.
Note that the spyware does not necessarily affect the process or functionality of your mobile devices, so you shouldn’t be worried in this respect. Sony has not officially responded to this ‘baidu’ folder issue.
However, the company has recognized the issue and has said that in the next release the problem will be fixed. Unless Sony can roll out some kind of fix in the near future then it seems you might have to wait until Lollipop rolls out in January before you can get rid of Baidu.
Recently Chinese smartphone manufacturer Xiaomi has been called out for spying on personal user data using their smartphones. According to F-Secure Xiaomi Smartphones were sending user data back to the servers based in China.
Previous ArticleNext Article
Send this to a friend