Update Procedure Malware Smartphones
12. April 2021 Published by Raphael Doerr
In previous posts, we have informed customers about problems with defective apps on some of our older smartphones (GS100, GS160, GS170, GS180, GS270 (plus) and GS370 (plus)). We immediately investigated the incident intensely and worked closely with IT forensic experts and the responsible authorities, who are still supporting us in the investigation.
Due to a compromised server of an external update service provider, malicious apps have found their way onto some of our older smartphones. This did not happen as part of a firmware/system update provided by Gigaset.
Gigaset intervened immediately and contacted the update service provider. In cooperation with the update service provider, it was possible to ensure that by the next day no further smartphones were infected by the compromised server.
Initially, we had provided a proposed solution which, however, did not lead to the complete removal of the unwanted apps for some customers. Accordingly, and also in response to questions directed at us in the service and here on the blog, we have put together the following information.
Reset to factory settings necessary
We recommend that affected customers completely wipe the device by resetting it to factory settings. We also recommend deleting data stored on a memory card inserted in the smartphone beforehand and formatting the card.
Why does the unit need to be reset?
The reason for this is that, according to current knowledge, the malicious apps that initially reached some smartphones through the compromised server reload other malicious apps that also have undesirable effects on the smartphone. To prevent this, the smartphone must be reset to the factory state. This ensures that all malicious apps are removed from the memory. A restoration of the personal data and apps can then be carried out by the customer via the common cloud and PC backups.
Why can’t I install a new firmware update manually?
The problem caused by the malicious apps cannot be fixed by simply installing a more recent firmware version. This is related to the problem described above that the malicious apps load further malicious apps and therefore the operating system must be reset to a pure, non-compromised original state.
Procedure
You can view your current Android version by opening Settings ➔ System Advanced (at the bottom) ➔ System Update. There you can see your Android version and the status of security updates. Please always erase your SD card first.
– Procedure Android 6:
- Erasing the SD card: Settings ➔ Memory & USB ➔ SD card ➔ Options (“Three dots” top right) Settings ➔ Format ➔ Erase and format.
- Factory Default: Settings ➔ Backup & Reset ➔ Restore to Factory Default ➔ Reset Phone
– Procedure Android 7:
- Erasing the SD card: Settings ➔ Storage ➔ SD card ➔ Options (“Three dots” top right) Storage settings ➔ Format ➔ Erase and format.
- Factory setting: Settings ➔ Back up & reset ➔ Reset to factory settings ➔ Reset phone
– Procedure Android 8:
- Erasing the SD card: Settings ➔ Storage ➔ SD card ➔ Options (“Three dots” top right) Storage settings ➔ Format ➔ Delete and format.
- Factory setting: Settings ➔ System ➔ Reset options ➔ Erase all data (reset to factory settings) ➔ Reset phone
Contact for all other enquiries
If problems still occur after this procedure, affected customers can contact Gigaset Customer Service to send in their device for further analysis.
Please choose this contact and communication channel, as the colleagues in the customer service department will be able to help you quickly or, if necessary, also initiate further steps, such as ticket creation for an analysis submission.
We regret the circumstances that have arisen and will keep you informed of any news.
2 Comments
Dear Gigaset
you should be aware that this issue is happening on multiple Virgin Telly Tablet VM_MD_001 devices that we own and factory data reset is not a valid solution as the apps reinstall themselves as soon as the device is connected to the internet. Temporary fix is by disabling the com.redstone.ota.ui app using ADB command. This only works for a short duration and when the app re-enables or the tablet is reset again the issue re-appears.
Please ensure this issue is fixed on this device also.
Dear Mr. Singh,
Thank you very much for your message. However, we cannot help you with this.
We are not Redstone and we did not produce the “Virgin Telly Tablet”.
You will have to get in touch with the company that created the tablets or with Redstone directly.
Sincerely, ^RD