
Is this headphone firmware suspicious? (VirusTotal scanned)


3 replies to this topic

#1 nyaamiaa

  • Members

Posted 06 December 2017 - 12:18 AM

<TL;DR>

https://www.virustotal.com/#/file/61c7caad2eb08a02176d8cd38f4f34621c89a79ffc91d916efbdfed91689e667/behavior

https://www.virustotal.com/#/file/a3c9b4cce7466cb4aeaa3e394d5f48b84bc3368380b32c7c662d8d7738c668f5/detection

</TL;DR>

 

I just got JBL Everest ELITE 700 headphones and I noticed that there is a mobile app with some features I would like, but I would like them on Windows as the only "mobile" devices I have are in a VM on my Windows machines (I don't like phones, I'm weird.)

 

All I could find on JBL headphone software are the 2 files I put through VirusTotal, which I found at these 2 locations, respectively:

https://www.jbl.com/support-product-detail.html#prod=EVEREST%20700%20ELITE&tab=software

https://www.jbl.com/everest-app.html#/where-to-download/

 

These are 2 versions of the same thing as far as I can tell, released a few days apart, although from the scan details, it seems the April (1.2.1) version was:

First Seen In The Wild
2010-11-20

(mind the gap)

First Submission
2016-04-29

(7/64 detections) https://www.virustotal.com/#/file/61c7caad2eb08a02176d8cd38f4f34621c89a79ffc91d916efbdfed91689e667/detection

 

The May (1.2.2) version was released what appears to be 11 days after the above, notably hiding its behaviors from VirusTotal and decreasing in size by about 270KB.

First Seen In The Wild
2016-05-10 14:06:51
First Submission
2016-05-10 14:09:53

(10/65 detections) https://www.virustotal.com/#/file/a3c9b4cce7466cb4aeaa3e394d5f48b84bc3368380b32c7c662d8d7738c668f5/detection

 

With the detections, and the author providing absolutely no information as to what this software is or does, I hope you can peek at this and see if you find anything suspicious.

 

Thanks!


Edited by nyaamiaa, 06 December 2017 - 12:28 AM.




#2 Platypus

  • Moderator

Posted 06 December 2017 - 02:35 AM

I think the indications are strong that the reports are a false positive. The flags are for heuristic detections, which involve detecting a possibly suspicious behavior, but many utilities or system tools have such behavior unavoidably due to what they are designed to do. I downloaded both files, and scanned with EmsiSoft Antimalware and Malwarebytes, neither of which gave any indication of any malware.

As a pointer to the difficulties that can occur with scans giving false positives, I noticed that the Trojan.Gen.8!cloud heuristic reported by Symantec gave a lot of trouble with false positives earlier in the year:

https://community.norton.com/en/forums/trojangen8-false

Edited by Platypus, 06 December 2017 - 02:36 AM.

Top 5 things that never get done:

1.
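
The distinction drawn in the reply above, between heuristic flags and a named detection, can be applied to a scan report mechanically. The following is an added example, not part of the original posts: it sorts per-engine labels into generic/heuristic versus specific ones. The marker list, the engine names and every label except Symantec's `Trojan.Gen.8!cloud` are assumptions constructed for illustration; the 7-of-64 count mirrors the figure quoted in the first post.

```python
import re

# Assumed, non-exhaustive markers that engines use for generic, heuristic,
# cloud-reputation or machine-learning verdicts (not an official list).
GENERIC_MARKERS = re.compile(
    r"\bgen\b|generic|heur|suspicious|malicious|unsafe|!cloud|\bml\b|confidence",
    re.IGNORECASE,
)

def triage(results):
    """results maps engine name -> detection label, or None when clean."""
    labels = [label for label in results.values() if label]
    specific = [l for l in labels if not GENERIC_MARKERS.search(l)]
    return {
        "engines": len(results),
        "detections": len(labels),
        "generic": len(labels) - len(specific),
        "specific": specific,  # labels that name something concrete
    }

def assess(summary):
    """Turn the counts into a triage note; this is prioritisation, not a verdict."""
    if summary["detections"] == 0:
        return "no detections"
    if summary["specific"]:
        return "named family present: " + ", ".join(summary["specific"])
    return "heuristic-only: %d/%d engines, all generic labels; confirm the " \
           "download source and observe it in a sandbox" % (
               summary["detections"], summary["engines"])

# Constructed sample: only the Symantec label comes from the thread.
SAMPLE = {
    "Symantec": "Trojan.Gen.8!cloud",
    "EngineB": "HEUR/Suspicious.Installer",
    "EngineC": "Generic.Application.Updater",
    "EngineD": "malicious_confidence_60% (W)",
    "EngineE": "Unsafe",
    "EngineF": "ML.Attribute.HighConfidence",
    "EngineG": "Suspicious.Packed",
}
SAMPLE.update({"CleanEngine%d" % i: None for i in range(57)})

if __name__ == "__main__":
    print(assess(triage(SAMPLE)))
```

A heuristic-only result lowers the priority of an alert but does not clear the file, which is why the note still points to source verification and sandboxed observation.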


#3 nyaamiaa

  • Topic Starter

Posted 06 December 2017 - 03:23 AM

Thank you, I did search the results and came across that issue. I suppose I'm paranoid based on the lack of (or non-existence of) information as to what that 28MB contains--what it's for..

I'm pretty sure it's not a replacement for the mobile app, and might be only there in cases where Windows doesn't recognize it or something.. but I wish companies would explain what the bleep their software contains!

 

I will try it out in Sandboxie or a VM and try to find out if it installs anything undesirable.

 

On a side note I believe undesirable code is included in more software than most people want to believe, and a utopian solution would be a private security company that would analyze all mainstream software and give it a cleanliness rating and/or a write up of its contents. If having a rating with details next to every download link became expected of companies to comply with, the world would be a better place! Similar to the FDA for software, but voluntary, and people could contribute similar in style to what WOT was supposed to be, but for software..

 

My mind wanders, we also need to use quantum teleportation to transmit data with zero latency to aid in space exploration, and stuff, and stuff, and stuff..

 

Long story short I probably expect too much xD thank you Platypus!



#4 Platypus

  • Moderator

Posted 06 December 2017 - 03:36 AM

The file contains a firmware updater to update the operating firmware of the headphones, over the USB connection. It's not related to a mobile app.

When the updater software itself runs, my EmsiSoft real-time monitor warns of the software making modifications, which is the same warning I get from more than one normal program I use regularly.

Top 5 things that never get done:

1.




