
This Fidget spinner app is sending other apps data to Chinese server

December 12th, 2017, by Waqas. Categories: Security, Privacy

A few months ago, Bluetooth-enabled fidget spinners were in the news for blowing up and putting lives in danger. This time, these toys are under discussion for posing a threat to users' privacy and stealing their data.

According to Arun Magesh, an IT security researcher at Payatu Technologies, India, the AiTURE fidget hand spinner app on the Play Store is collecting data about other installed apps and sending it to a server in China without users' consent or knowledge.


Developed by Chinese firm Shenzhen Heaton Technology Co. Ltd, AiTURE supports Bluetooth connectivity to the user's smartphone. Once the app is installed and connected to the phone, users can create their own patterns, single liners, and spin away.

Arun, meanwhile, had been experimenting with several applications to check how they transmit data to the cloud. After spending some time on the AiTURE fidget hand spinner, he reverse-engineered the Bluetooth communications between the app and the fidget spinner. Upon intercepting the connection between the app and the Internet, he discovered a huge chunk of data being transmitted to a Chinese server. The identified server's login page (api.e-toys.cn/passport/login) asks for a username and password to access the “Background System EToys” login system.


On further analyzing the data packets, the researcher noted that the app sends all the information about the apps installed on his phone to the server in clear text. Arun believes this data could be used to target ads or even to send remote exploits based on 0-days in other apps installed on phones.

[Image: Data the app collects from a device]

Although the app has only 1,000 – 5,000 installs, it still poses a significant threat to its users since it sends all the information on installed apps along with their version and installation time.
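A defender reviewing proxy captures can look for the pattern described above. The following is an added example, not code from the researcher or from this article: it flags requests whose JSON body lists several Android package names and marks whether they travelled over plain HTTP. The hosts, field names and sample flows are constructed assumptions, since the article does not give the real payload format.

```python
import json
import re
from urllib.parse import urlsplit

# Android application IDs are reverse-DNS style: two or more dot-separated
# segments, each starting with a letter (so "4.2.1" does not match).
PACKAGE_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(?:\.[A-Za-z][A-Za-z0-9_]*)+")

def package_names(body):
    """Return string values in a JSON body that look like package names."""
    try:
        doc = json.loads(body)
    except ValueError:
        return set()
    found, stack = set(), [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str) and PACKAGE_RE.fullmatch(node):
            found.add(node)
    return found

def flag_inventory_uploads(flows, min_packages=3):
    """Flag requests that appear to upload an installed-app inventory."""
    alerts = []
    for flow in flows:
        url = urlsplit(flow["url"])
        pkgs = package_names(flow["body"])
        # One package name (the sender's own) is ordinary telemetry; several
        # distinct ones in a single request suggest an installed-app listing.
        if len(pkgs) >= min_packages:
            alerts.append({"host": url.hostname,
                           "cleartext": url.scheme == "http",
                           "packages": sorted(pkgs)})
    return alerts

# Constructed sample flows (hypothetical hosts and field names).
SAMPLE_FLOWS = [
    {"url": "http://collector.example/upload", "body": json.dumps({"apps": [
        {"pkg": "com.example.bank", "version": "4.2.1", "installed": 1512000000},
        {"pkg": "com.example.chat", "version": "2.0", "installed": 1511000000},
        {"pkg": "org.example.mail", "version": "7.1", "installed": 1510000000}]})},
    {"url": "https://api.example/score",
     "body": json.dumps({"app": "com.example.spinner", "score": 120})},
]

if __name__ == "__main__":
    for alert in flag_inventory_uploads(SAMPLE_FLOWS):
        print(alert)
```

The threshold of three packages is an arbitrary starting point; tune it against traffic from apps you already trust.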

“If they are so smart, why send it in plain text using HTTP and not HTTPS? This makes me wonder if all cheap Chinese products which are sold at low prices are sold at the cost of our private data? Are we not safe from anything anymore?” Arun told HackRead exclusively.

However, encrypted or not, the question is why a fidget spinner app is sending user data to a server in China. Arun's concern about cheap Chinese products makes sense, since this is not the first time a Chinese company has been caught getting its hands on user data.

Previously, Chinese mechanical keyboard manufacturer MantisTek was found spying on users through a built-in keylogger in its GK2 model and sending the data to a server apparently hosted on Alibaba Cloud. In September this year, researchers found the popular Chinese keyboard app GoKeyboard collecting data and spying on millions of users.

Android users who are concerned about their privacy are advised to avoid downloading unnecessary apps from the Play Store and third-party stores. Remember, the Play Store itself is home to tons of malware and malicious apps.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
