B and N says they already fixed the NOOK malware issue, but….

nook_boxYesterday I posted a story about the new NOOK branded tablet coming with malware pre-installed. Barnes and Noble says that the device had already been update prior to its initial sale and that an new update to remove it completely is forthcoming. Here’s their response to 9 to 5 Google’s request for comment:

“NOOK Tablet 7” went on sale on November 26. By that time, the device automatically updated to a newer version of ADUPS (5.5), which has been certified as complying with Google’s security requirements, when first connected to Wi-Fi. ADUPS has confirmed to Barnes & Noble that it never collected any personally identifiable information or location data from NOOK Tablet 7” devices, nor will it do so in the future.

Finally, we are working on a software update to remove ADUPS completely from the NOOK Tablet 7”. That update will be made available to download within the next few weeks, but in the meantime customers can rest assured that the device is safe to use.” – Fred Argir, Chief Digital Officer

The problem with this is that Charles Fisher, the engineer who broke the story on Linux Journal, says that ADUPS 5.5 is not version that was on the NOOK BNTV450.

A new Android Central article notes that the shipping version for the tablet was 5.2.0.2.002. Evidently, there was some sort of an update, as their post goes on to note that “the version in the update file we received last night is 6.0.” While they state that the update should solve the ADUPS problem, they are still saying avoid this one:

But there are plenty of reasons to still not buy this tablet. Beginning with the fact that it’s still 100% vulnerable to CVE-2015-6616. In human language, that means the Stagefright exploit. The Android version (6.0 in this case) should be at least partially patched, but there are security updates for the processor which have not been applied.

The bottom line is that there is just too much uncertain about this tablet. I am sending mine back.From comparing them side by side, the $50 Fire 7″  was faster anyway….

Photo © The Ebook Evangelist

So that $50 NOOK has malware….

new_nookIf you had wondered if that NOOK $50 tablet was too good to be true, turns out you were right. Remember last month’s story on that ADUPS malware that was infecting the Blu R1 HD phones and sending data back to China? Yeah, that one. Well, as it turns out, the same malware is affecting the NOOK BNTV450. And, unlike the BLU scenario where an update was issued, 9 to 5 Google is reporting that there seems to be no way to disable the ADUPS on the NOOK device.

If you want the technical info on the malware, there’s a lot more information on the issue in the Linux Journal article that apparently broke the story. The article notes that Google has blacklisted the ADUPS agent and that a user can expect “zero privacy” from a device with this agent installed. Barnes and Noble has yet to comment on the story.

Since I bought one of these last month, I am not a happy camper. Although I hadn’t had time to do much with it (maybe a blessing in disguise), I was already past the 14 day return window that the online store allows. I have performed a factory reset on my device while I reach out to Barnes and Noble on the matter.  I suggest you do the same or use at your own risk. While the ADUPS does not seem to be active at the moment, that can change at any time.

To reset the device, go to Apps> Settings>Backup and Reset. (Note that the correct one is the grey option that says just settings, not the green NOOK settings option.) Everything will be erased from the tablet, so make sure to transfer any files you want to keep.

More on this as it unfolds. I will update with any news from Barnes and Noble. I am off to change passwords. 😦

See an update to this story here.