Thursday, December 22, 2016

Barnes & Noble removes malware from $50 Nook tablet, but you still shouldn't buy it

The update may remove the part where your data goes back to China, but everything else is bad and unchanged.

About that $50 Barnes & Noble tablet. You might have heard that researchers working with Linux Journal found that the BNTV450 shipped from the factory with the same malware that phones from Blu and other companies that use a MediaTek processor had. It's called ADUPS and it was configured to literally harvest your personal data and send it back to a server in China.

Sometimes, data really does get sent back to China. This was one of those times.

Anyway, there's an update in the wild that "fixes" things. At least this one thing. Maybe.

The update brings a new version of ADUPS to the tablet. Supposedly, the "bad stuff" the ADUPS malware does is no longer present in versions newer than 5.5. The shipping version — 5.2.0.2.002 — was filled with data stealing goodness, but the version in the update file we received last night is 6.0. The worst part is that most of us can't check for this ourselves, as the ADUPS application needs to be completely decompiled to see the version number in the app manifest. To make a long story short, unless the folks behind ADUPS are doing something else that's shady, the update from B&N squares the malware issue away.

The "Maybe" part? Plenty of people consider any device with any version of the ADUPS software to be compromised and not fit for storing your personal information on. Personally, I'm with them but it's your $50.

But there are plenty of reasons to still not buy this tablet. Beginning with the fact that it's still 100% vulnerable to CVE-2015-6616. In human language, that means the Stagefright exploit. The Android version (6.0 in this case) should be at least partially patched, but there are security updates for the processor which have not been applied.

Don't buy this tablet. I'm telling you to not buy this tablet and our own Modern Dad looked at this one so you didn't have to.

Here's what he has to say about the update:

So it had malware in the program that serves ads. An update is removing the malware from the program that serves the ads. It's still not worth $50. Suck it up and buy an iPad or a Kindle Fire HD.

You know what tablet doesn't have malware, performs way better, and also costs $50? The Amazon Fire Tablet 7.

See at Amazon



from Android Central - Android Forums, News, Reviews, Help and Android Wallpapers http://ift.tt/2h6HO4o
via IFTTT

No comments:

Post a Comment