An independent security researcher published proof this
week that Motorola phones with the Blur service installed are sending a
myriad of credentials and private information silently to Motorola
servers, as well as communicating via a modified version of the Jabber
protocol in a format reminiscent of botnet command-and-control.
The
disclosure - which featured packet captures, screen shots, and a full
analysis of all of the data being sent - includes reproduction
instructions for anyone concerned about their Motorola phone behaving
in a similar manner.
Impacted phone owners appear to have little
recourse at this time, as the service responsible for this information
disclosure cannot be removed without rooting the phone and installing a
stock version of Android.
(more)