Electronics retailer DNS issued the product recall after a security researcher published their findings last week

Russian retailer DNS issues DEXP phone recall following security audit

Following our report that certain push-button phones sold in Russia were found to contain backdoors and trojans, the country’s DNS chain of stores, which sells the DEXP devices, has recalled them.

Late last week, we reported that Russian researcher ‘ValdikSS’ had discovered that the DEXP SD2160 and SD2810 were transmitting the fact that they’d been sold over the internet, while sending paid SMS messages to short numbers with text received from the server.

Now, DNS, which makes the phones and sells them through its chain of electronics stores, has recalled both models, telling ValdikSS that it’s because of our report.

Customers will be offered a refund or exchange if they purchased the DEXP devices within the past two years.

DNS has issued a callback campaign for DEXP B281 and SD2810 cellphonesDNS has issued a callback campaign for the DEXP B281 and SD2810 cellphone models

“According to the specialist, the infected devices connect to the attackers’ servers via GPRS. They transfer unique IMEI and IMSI data to third parties, as well as send paid SMS to short numbers,” it says in a statement on its website.

“In the course of an internal investigation, the DNS company recognized possible manufacturing defects in two models of push-button phones at once. In this regard, the retailer announces the launch of a recall campaign.”

The other manufacturers whose products showed similar flaws – Itel, Irbis, and F+ – have yet to respond.

RECOMMENDEDStalkerware’ vendor SpyFone barred from surveillance market, FTC announces