Mobile Security archives

Mariposa Botnet Hits Android via HTC Magic and Vodafone…or Does It?

Filed Under: Mobile Security, Security
Tuesday, March 23rd, 2010

About two weeks ago, I was sitting in our new Threat Center and we were tinkering around with a website that is part of our tool set to identify indications of malware or infections affecting smartphones across the world.  The website that we were looking at is called Twitterfall.com and it allows a user to perform keyword searches to match against tweets that are being published.  It’s amazing how quickly information hits Twitter and even more amazing how quickly that information is re-tweeted, copied and pasted, and parroted as the truth.

Among others, one of the keywords I chose was “android malware”.  I was immediately presented with dozens upon dozens of nearly identical tweets parroting the sentiment that Vodafone had sold at least one Android handset to a Panda Security employee that was infected with malware.  Obviously, this immediately sparked raging discussions in Android and Apple forums declaring Android a failed iPhone killer.  iPhone fans were ready to begin singing “another one bites the dust” as they saw Android’s attacks being repelled.

But, what was lost in the immediate attempts to castigate Android as an inherent security flaw because of its open source philosophy, was the fact that the Android device in question was not infected with malware.  What’s that you say?  Not infected?  That’s right…not infected.  What actually happened was that a Panda Security employee received an HTC Magic device running the Android operating system, from the carrier Vodafone, that had three instances of malware pre-loaded onto the device’s SD card.  The device SD card is wholly separate from the Android operating system.

When the Panda employee connected the device to her PC via the USB cable, she was automatically alerted to the fact that her anti-virus software on the PC had detected the existence of an autorun.inf and autorun.exe that were both being flagged as malicious.  Further analysis indicated that the device was infected with the Mariposa botnet, the Conficker worm and a Lineage (the game) password-stealing tool.  This is terrible news, right?  Of course it is…for Vodafone and for HTC.  But is it necessarily bad news for Android?  Not really.

Let’s take a closer look at what actually happened.  HTC manufactures the Magic device and chose Android to drive the proverbial bus.  HTC likely purchases SD cards from some other manufacturer and may do some level of formatting or configuring of the SD card before or after it has been installed in the Magic device.  HTC then ships the handsets with some Vodafone-specific ROM installed on the device, and the pre-installed SD card to Vodafone.  Vodafone then sells the device to a customer.  As an interested observer, I don’t really see where Android plays any factor in this equation at all.

This is certainly not the first time we have seen malware being distributed directly from some vendor or retail center.  Just to level the playing field, let’s focus on the case of iPods being distributed with a free SIWEOL.A worm that affected Windows PCs.  Ok, that was a cheap shot.  But the point is that we have seen plenty of cases that indicate that attackers are doing whatever they have to do in order to get their malware in your lives.  We know that USB media drives come from retail stores with malware. Digital picture frames have been the attacker and McDonald’s in Japan had to recall 10,000 MP3 players back in 2006.  There are still more examples of these types of successful attacks that I’ll continue to ignore.

With the exception of a very few security-centric blogs or analysis pieces that responsibly laid the blame of this attack on a faulty QA process between HTC and Vodafone, too many outlets were ready to call Android the problem.  But, what was lost in the finger pointing was the fact that a proven defense-in-depth strategy is what identified the problem and protected this user (and many others) from becoming a victim of and possibly propagating the effects of the attack.  It also didn’t hurt that the victim of the attack was a security-minded employee of a reputable PC security company.  This particular user was employing best practices and relied upon an anti-virus solution to assist in identifying malicious content.  Bravo!

The only part that Android could have played in this whole story would have been if Vodafone had bundled an anti-virus application with the device’s ROM that was configured to detect Windows-based malware that resided on the device’s SD card.  At the point that this story broke, there would have been exactly zero smartphone AV applications in the world that were capable of detecting this threat.  But, proven PC security mechanisms worked…as they should have.

What should be taken away from this whole debacle (since it wasn’t learned from the previous ones) is that when using technology, both in conjunction or on its own, there are limitations to what can be done to protect yourselves.  As a user that may be interested in protecting your personal information or financial assets, it is increasingly important to properly leverage technology to provide coverage where it applies.  In this scenario, the malware that existed did not affect the Android device, so there was no capability to detect it on the SD card.  But, when it did become an issue and could affect the Windows system, there was a capability to detect and defend.

Some might expect an Android anti-virus application to be able to detect this type of malware if it resides on the device.  This is where those limitations I spoke of come into question.  At this point in the game, it’s simply not possible for a Smartphone to effectively handle detection of every PC malware that we know about.  There simply are not enough resources available on the device.  But, the PC can handle it…and in this case, it did.



Cybercrime Complaints, Reported Losses Increase

Filed Under: Mobile Security
Monday, March 15th, 2010

By M.P. MCQUEEN
Complaints about Internet crime in the U.S. soared last year in a phenomenon tied to the poor economy, law-enforcement officials say.

The number of reports increased 22.3% in 2009 over 2008, and reported losses soared to $559.7 million, up from $265 million a year earlier.

Losses per incident also rose in transactions in which a loss occurred, to a median of $575, according to information provided Friday by the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center, a nonprofit federally funded group that aids local law enforcement. The center develops information and refers complaints involving cybercrimes to appropriate investigative agencies, including international police. Losses were $17.8 million in 2000, the center’s first year of operation.



SMobile GTC Sees Android Malware Coming

Filed Under: Blog, Mobile Security, Mobile Threats
Friday, March 12th, 2010

Open source versus closed source.  It’s a discussion that often leads to heated arguments and one that will likely continue well beyond its usefulness.  The discussion began before many of us realized there would need to be terms such as “malware” and the often incorrectly used “hacker”.  Regardless of what side of the discussion you come down on, the term Android has not helped to lessen the veracity of the debate.  Since Google released the first Smartphone operating system that was supposed to be completely open source, the debate between BlackBerry, Windows Mobile, iPhone and Symbian users continues to get louder.

Whether you’re new to the Smartphone revolution or are an Android convert from some other platform, there is a reason that you chose Android.  Some wanted to break the stuffy business-like feel of the BlackBerry.  Others were excited about the possibilities that an operating system built on a Linux kernel with incredible customization capabilities brings.  Some wanted something that was friendly or easier to use than the Windows Mobile or their Symbian device.  Then there are the ones that just want to be anti-Apple.  There are just as many anti-everything-Apple as there are Apple “fanboys” in the world.  There are also those that just got a deal from their provider that they couldn’t refuse.  Regardless of the reason, Android’s market share is growing….

To continue reading, download the full Android Malware Whitepaper



Mobile Devices Facing Security Challenges

Filed Under: Mobile Security
Tuesday, March 9th, 2010

By DOUG TSURUOKA
Smart phones and other mobile devices remain vulnerable to hacker attacks, and Apple products in one way more than most, says Daniel Hoffman, an executive in the computer security business.

Apple hasn’t developed adequate software to protect and encrypt (scramble so that only authorized folks can read the data) core components of its new iPad tablet computer, Hoffman says. He’s chief technology officer for privately held SMobile Systems, a Columbus, Ohio-based company that provides security software applications for mobile devices.

Hoffman, of course, has a vested interest in noting such possible security weaknesses. Still, he says, it shouldn’t detract from his point that more users need to understand that all mobile devices — including Apple’s iPad and iPhone — must be protected in the same manner as PCs.

Read more on mobile devices facing security challenges



Five Simple Tips for Better Mobile Security

Filed Under: Mobile Security
Monday, March 1st, 2010

You talk all day on your phone. You peck out dozens or hundreds of messages. You access files remotely. You check your calendar hundreds of times per month. Clearly your mobile phone is VERY important to you.

If it’s important to you, it’s also important to hackers who know it contains valuable information to help them hack into your corporate network or find data to be used for financial gain (i.e., credit card numbers, passwords, personal information, etc.).

Read the entire article on Better Mobile Security



Effective mobile security is a reality says BlackBerry

Filed Under: Mobile Security
Thursday, February 25th, 2010

Introducing mobile technology into the NHS, especially smartphones, can generate good cost savings, as well as enhance the security of the staff and the patient, said Daniel Morrison-Gardiner, a senior government account manager with BlackBerry.

Speaking at the Mobile and Wireless Healthcare conference in Birmingham yesterday, Morrison-Gardiner explained to his audience of NHS professionals that community-based services can reap many benefits from the use of smartphones.

Services such as auditable mileage claims by staff – using data from on-phone global positioning system technology – and the ability to manage workflows on the move, without having to return to the office or power up a laptop, can all improve the level of patient service, he explained.

Read the entire article on BlackBerry Mobile Security



Sexting Spy – Tracking Teen Texts

Filed Under: Mobile Security, Mobile Security News
Wednesday, February 24th, 2010

Before teenagers even have time to think about consequences, risque and revealing information is instantly sent out and once it’s done, there is no getting it back. Sexting has become almost as popular as sex itself.

A recent study found nearly 40% of teens have sent or received sexual text messages; 20% have sent naked pictures.  Girls are more likely to sext than boys.

In some cases sexting has turned tragic: Hope Witsell, 13, and Jesse Logan, 18, committed suicide after nude pictures of them circulated. Here in West Virginia, promiscuous pictures courtesy of a cell phone were found on a Chapmanville High School computer.  For parents, technology presents a whole new challenge.

Parents can pick and choose how much information they want to know from viewing every message to just keeping track with GPS. It’s simple to use, the program is installed on the phone and SMobile takes over tracking the information.

Read the entire article: “Sexting Spy, Tracking Teen Texts”



New security threat against ‘smart phone’ users

Filed Under: Mobile Security, Mobile Threats
Wednesday, February 24th, 2010

Nefarious: The software can even drain a smart phone’s battery.

Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences.

The researchers demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless.

These actions could happen without the owner being aware of what happened or what caused them.

Read the entire article on New Security Threats against ‘smart phone’ users



Hordes of new threats ahead for mobile networks

Filed Under: Mobile Security, Mobile Threats
Wednesday, February 24th, 2010

Malware on smartphones is just the first in a series of new security threats for mobile networks ushered in by the embrace of internet technologies, according to mobile phone encryption firms.

Dr Bjoern Rupp, chief exec of GSMK CryptoPhone, warns that criminal gangs are able to steal private information and undermine fair business trading thanks to advances in technology that have made attacks possible on low-cost kit. Years ago such attacks were only possible for intelligence agencies, but have now become feasible as a means of industrial espionage.

Read the entire article on new mobile threats ahead



How Secure Can Security Be?

Filed Under: Mobile Security
Tuesday, February 23rd, 2010

by Emmanuel Carabott

Recently I came across a series of articles that claims that most solutions that encrypt voice communications on mobile phones are not up to par and can easily be intercepted. My first reaction was that this was a very bold claim and after reading further I kind of lost a little faith in the author’s arguments. That being said, some of his arguments do have merit and his approach was very clever in its simplicity.

Notrax, the hacker in question, approached the challenge not by cracking the voice encryption algorithm itself but by installing a Trojan on the victim’s headset and intercepting the voice as it is being recorded from the cell phone’s microphone before it gets processed / encrypted. Simple and effective. Nearly all of the solutions were vulnerable to this approach.

Read the entire article, How Secure Can Security Be?