Electronics retailer DNS issued the product recall after a security researcher published their findings last week
Following our report that certain push-button phones sold in Russia were found to contain backdoors and trojans, the country’s DNS chain of stores, which sells the DEXP devices, has recalled them.
Late last week, we reported that Russian researcher ‘ValdikSS’ had discovered that the DEXP SD2160 and SD2810 were transmitting the fact that they’d been sold over the internet, while sending paid SMS messages to short numbers with text received from the server.
Now, DNS, which makes the phones and sells them through its chain of electronics stores, has recalled both models, telling ValdikSS that it’s because of our report.
Customers will be offered a refund or exchange if they purchased the DEXP devices within the past two years.
“According to the specialist, the infected devices connect to the attackers’ servers via GPRS. They transfer unique IMEI and IMSI data to third parties, as well as send paid SMS to short numbers,” it says in a statement on its website.
“In the course of an internal investigation, the DNS company recognized possible manufacturing defects in two models of push-button phones at once. In this regard, the retailer announces the launch of a recall campaign.”
The other manufacturers whose products showed similar flaws – Itel, Irbis, and F+ – have yet to respond.
RECOMMENDED ‘Stalkerware’ vendor SpyFone barred from surveillance market, FTC announces