Android attacks uncovered

If you’ve got an Android or another similar mobile device, here’s something to look out for …

Malware posing as movie player sends premium-rate text messages – but permission alert should protect careful users

Two new attacks on Android mobile phones and other devices have been uncovered by security firms.

One, a piece of malware posing as a movie player, sends text messages to premium-rate numbers, collecting charges applied to the user. Kaspersky Labs, which found the program, claims it is the first SMS-based malware attack on mobiles running Google’s Android operating system. It is thought to be most prevalent among Russian users; the threat to worldwide users is said to be low.

Prior to installation, as required by Android’s application permissions, the “Media Player” asks users to confirm permission for the application to run “services that cost you money (send SMS messages)”.

A statement released by Google said:

“Our applications permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user’s phone number or sending an SMS.
“Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market.”

This application is not thought to have been available in the Android Market, so affected users would have had to change a default setting on their handsets to allow installation of it from an external website.

Meanwhile, the British security firm MWR InfoSecurity has found a flaw in the internet browser of Android versions 1.6 to 2.1, allowing an attacker to remotely access a user’s internet history – including sites visited, cookies, usernames and passwords – by code injected in a compromised website, or through an unsecured Wi-Fi network.

The vulnerability was reported to Google’s Android team in May this year, according to the security firm. A fix present in the latest version of Android, 2.2 Froyo, eradicates the problem, while Android is said to be working on a patch for previous iterations.

Alex Fidgen, MWR’s commercial director, advised users simply to avoid using unsecured Wi-Fi networks. He said: “This is one of the most serious implications in mobile technologies to date and calls into question fundamental assumptions about mobile phone security.

“The best way an attacker could affect this is to mimic an unsecured network or spoof an access point – this has been around years. [Attackers are] all using techniques that have been around years now.

“This is a really serious problem, there’s no two ways about it. Mobile companies are not incorporating security enough while smartphone adoption is increasingly widespread.

“The flaws could have been ‘fixed’ when the mobile phone companies issued new operating software recently but they did nothing.”

© Guardian News & Media Limited 2010
