[BreachExchange] BLU settles with FTC over failed implementation of security procedures

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 3 19:32:51 EDT 2018


A settlement has already been reached by BLU Products, its co-owner, and
FTC. The Federal Trade Commission has been looking into an issue that BLU
was allowing another group to collect details about the consumers. The
information varies from real-time location to text messages sans any
permission from the users. Personal information and data are supposed to be
private and secure but BLU was allegedly sharing them. This settlement with
FTC will have BLU implement a data security program now. This way,
unauthorized access can be prevented.

There are many issues surrounding BLU phones. If you may remember last
year, Amazon dropped phones from BLU Products in relation to security
software issues. The secret software was believed to be tracking
Chinese-made smartphones. As a response, BLU kicked out the Chinese spyware
from their phones and got Google instead. The OEM then was listed back on

As for the FTC complaint, the agency alleged BLU misled the consumers and
falsely represented that they implemented procedures that protected the
personal information of consumers. We remember ADUPS security breach that
got the mobile industry talking. Chinese-made phones are believed to be
vulnerable to a secret software that tracks behaviors. That’s something
really questionable, putting devices at a security risk. ADUPS was then
discovered to be collecting and sharing data unbeknownst to the users.

BLU and its President and co-owner and Samuel Ohev-Zion are said to have
misled plenty of consumers. The settlement then brings BLU to third-party
assessments every two years as part of a security program for two decades.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180503/f6ae305b/attachment.html>

More information about the BreachExchange mailing list