Preinstalled spyware virus detected in all Samsung smartphones and tablets

Like any other smartphone manufacturer, Samsung ships its products with multiple pre-installed functions and applications for various purposes; while most users simply ignore their presence and functions, many of these applications are really functional, experts in digital forensics say.

However, there is nothing that assures us that these applications are not used invasively, as reported by a Reddit user in reference to a feature pre-installed on the latest Samsung Galaxy models, which could be used as a spyware tool. 

In their post, available on a Reddit forum for Android enthusiasts, the user refers to Samsung Device Care, a hidden feature in the Settings menu of Galaxy devices; this tool helps improve the performance of the smartphone and free up space in the internal storage. Although it seems to be a very useful feature, the user detected something concerning in Storage Cleaner, the memory cleanup feature in Samsung Device Care.

Device Care location

Digital forensics experts mention that the referenced feature scans the device’s internal storage to remove unused apps and any other junk data internally stored. Evidence indicates that Samsung developed this feature jointly with a Chinese company called Qihoo 360.

‘Powered by 360’, says the feature
SOURCE: PiunikaWeb

The Reddit user, who apparently resides somewhere in Asia, provides some background on this company: “Many in the West may not be familiar with this company, they must believe me when I say that this is a shady Chinese company that operates using many dirty tactics to gain market presence for antivirus programs and other technological developments,” says the post.

In the post, the user mentions that, for example, the antivirus developed by Qihoo 360 scans the computers where it is installed, looking for antivirus products developed by other companies in order to flag them as malicious software and remove them. Another of the tactics used by Qihoo 360 is invasive advertising, showing internet users fake virus detection alarms and forcing them to install its app; “Qihoo 360 tactics are widely documented,” says the user.

Regarding the Storage Cleaner feature in Device Care, digital forensics experts mention that it is pre-installed on Samsung smartphones and tablets, has the ability to communicate with Chinese servers and, most importantly, it cannot be removed unless ADB software or other methods are used.

In the post, the user cites a China Daily report from a couple of years ago, according to which Qihoo 360 was in the process of partnering with the Chinese government for information-sharing purposes, just like other Chinese companies do. Worryingly, the Qihoo 360 scanner has access to all personal data stored on Samsung devices, which could go into the hands of the Chinese government at any time.

Faced with the possibility of having found a spyware program, the user began to investigate on his own: “I set up a test environment using Wireshark to capture the packets and find the domains to which my smartphone communicates. Once in the storage section of Device Care, I pressed ‘update database’ and there it was, I discovered that my Samsung Galaxy was communicating with multiple Chinese servers,” adds the Reddit user.

List of Chinese servers communicating with the smartphone
SOURCE: Reddit

The user was unable to determine exactly what information is sent to these servers, as this would require deploying a Man-in-the-Middle (MitM) attack, although knowing that Samsung Galaxy devices send information to Chinese servers is already severe enough to raise security alarms.
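The capture test described above shows only which hostnames the phone looks up, so it helps to separate lookups caused by the "update database" action from ordinary background traffic. The following Python sketch is an added example, not code from the Reddit post: it goes one step beyond the user's test by diffing a baseline capture against one taken while the button is pressed. The phone's IP address and every hostname and timestamp in it are constructed placeholders.

```python
# Input: tab-separated DNS queries exported from a Wireshark capture with
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e frame.time_epoch -e ip.src -e dns.qry.name
from collections import Counter

PHONE_IP = "192.168.1.50"  # assumption: LAN address of the test phone

# Constructed sample data; hostnames are placeholders, not the servers in the post.
BASELINE = """\
1578300000.10\t192.168.1.50\tconnectivitycheck.example.com
1578300004.72\t192.168.1.50\tpush.example.net
1578300009.31\t192.168.1.77\tupdates.example.org
"""
ACTION = """\
1578300100.02\t192.168.1.50\tpush.example.net
1578300101.40\t192.168.1.50\tcleaner-db.vendor-placeholder.example
1578300101.95\t192.168.1.50\tCleaner-DB.vendor-placeholder.example.
1578300102.13\t192.168.1.50\tstats.vendor-placeholder.example
1578300103.00\t192.168.1.77\tnews.example.org
malformed line without tabs
"""

def queries(tshark_text, src_ip):
    """Count names queried by src_ip (lowercased, trailing dot removed)."""
    counts = Counter()
    for line in tshark_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or parts[1] != src_ip or not parts[2]:
            continue  # other hosts on the LAN, or a damaged line
        # tshark joins several questions in one frame with commas
        for name in parts[2].split(","):
            counts[name.strip().rstrip(".").lower()] += 1
    return counts

def new_after_action(baseline_text, action_text, src_ip):
    """Names the phone queried during the action but never in the baseline."""
    before = queries(baseline_text, src_ip)
    after = queries(action_text, src_ip)
    return {name: n for name, n in after.items() if name not in before}

def by_parent(names, labels=2):
    """Group hostnames by their last `labels` labels (not public-suffix aware)."""
    groups = {}
    for name in names:
        parent = ".".join(name.split(".")[-labels:])
        groups.setdefault(parent, []).append(name)
    return {parent: sorted(hosts) for parent, hosts in groups.items()}

if __name__ == "__main__":
    fresh = new_after_action(BASELINE, ACTION, PHONE_IP)
    for parent, hosts in by_parent(fresh).items():
        print(parent, hosts)
```

The result lists destinations only; as the article notes, the content of what is sent to them is not visible from this kind of capture.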

The post began to attract the attention of tens of thousands of Samsung Galaxy users in Asia, who even began to provide their own solutions to the problem, although any method to remove this feature requires a certain level of knowledge of mobile operating systems and software not available on Google Play Store or official Samsung platforms.

In this regard, Samsung released a statement (written in Korean) in which it assures that Qihoo software is only used to verify the presence of unnecessary files in a device’s internal memory, and that at no point in this process is personal data shared between servers.

International Institute of Cyber Security (IICS) digital forensics specialists believe that Samsung should better respond to the concerns of its users, as the potential installation of spyware on its devices is a serious problem that should under no circumstances become a standard in the smart device industry.