A source in the cybersecurity industry told Kommersant that Russian-made feature phones from DIGMA were cyberattacked through a pre-installed vulnerability. Similar malicious programs for hidden access to the device are also called "backdoors".
Such backdoors allow attackers to control the phone via the Internet. They can remotely send SMS messages from a device they control without the owner's knowledge and receive them, transfer data to third-party servers, register accounts in messengers to a phone number, collect contacts from the phone book, and so on.
DIGMA itself denies the presence of hidden functionality or the ability to connect SMS notifications to a subscriber without his knowledge in its devices. According to the company, there is no "stuffing" in its phones that can be classified as a built-in vulnerability.
The firmware incorporates functionality from a third-party Russian service, the purpose of which is to exchange fixed-format SMS messages to personalize available entertainment and information services in a particular region – horoscopes, weather, jokes, etc. The exchange of messages of this type is completely free for users. Paid services are connected only with the explicit consent of the user. Any other functionality, including allegedly hidden registration of users in messengers, is absent in DIGMA devices.
The company does not plan to withdraw its feature phones from sale, as it sees no reason to do so. But they will still respond to the signal from the outside with checks.
We will schedule an unscheduled independent testing of our devices to search for vulnerabilities in the firmware of feature phones from large independent companies and publish the results.
It is worth noting that DIGMA produces not only feature phones, but also printers, laptops, tablets, readers and other equipment. Feature phones of this company now occupy 5.9% of the market, and their sales are growing.
Read materials on the topic:
Outsmart the fraudster: T-Bank is testing a new service to combat telephone scammers
A bolt with a thread for a clever nut: Autodesk blocks accounts of Russian developers with VPN
Megafon was fined for calls from fake numbers from abroad
Roskomnadzor has opened the hunting season for scammers in messengers