Friday, January 13, 2012

BYOD = Mobile Danger

There has been an explosion in the use of mobile devices like smartphones and tablets. Users expect to be able to use these mobile devices everywhere they go, including and especially at work or at school. This has given rise to a new term, “BYOD”, which means Bring Your Own Device, and it has created new problems because the network administrator does not have control over securing these devices.

Read my article “Enterprise must protect against malware with BYOD rise” to get an idea of the vulnerabilities that can exist in mobile devices.

Post an article about a specific malware for an Android, iPhone or tablet device. Answer these three questions in full sentences:
1. What does the malware do? (be specific)
2. What is the vulnerability that makes this malware possible?
3. What security advice would you give to the owner of this mobile device?

6 comments:

Unknown said...

http://searchsecurity.techtarget.com/news/2240113773/Android-app-malware-exploits-Carrier-IQ-controversy

This piece of malware affects Android devices, particularly older devices and ones with custom modifications. This is a rogue application that claims to search for Carrier IQ software, displays information about the device to the user and declares that Carrier IQ is not present on the device. The application presents the user with an uninstall button, but when pressed the application sends SMS messages to a premium rate number.

The main vulnerability that allows this malware to work is stupidity and paranoia of the user, because this malware is believed to have been spread through spam, phishing, or some other social engineering method. Users are likely to install the app because of their fear that Carrier IQ software resides on their phone. Other vulnerabilities are the fake certificate that is supposedly from the Android Open Source Project which allows the malware to install without displaying the permissions granted to the application upon installation.

Security advice I would give to the owner of this mobile device would be to be wary of any emails or odd attempts to get him to download or install an application. Also, if they don't know the sender of the email or who is encouraging them to install a piece of software, don't install it! Research it if absolutely necessary, otherwise stay away and don't install things like that. Also, not having any custom modifications and keeping current with the latest patches and updates would help to protect against this rogue application and many other malicious apps out there.

Ryan McVeety said...

http://totaldefense.com/securityblog/2011/12/13/Detailed-analysis-of-malware-sample-removed-from-android-market.aspx

This malware is similar to Luke's but different enough to warrant its own mention. Like Luke's, it sends out SMS messages to premium numbers, which vary based on what country the user is in. However, instead of being a bogus app playing on people's fears, this app pretends to be a lite version of a popular game (several variants were out; this article's version is using World of Goo). However, instead of just being a dummy front, the app downloads the actual game's installer from a website, and the user actually gets to play the game. Another interesting aspect of the app is that it registers SMS handlers on the system that block replies from the premium numbers, so the user never sees them.

Again, like Luke's, this malware leverages the stupid user phenomenon to gain access to the victim's device. Many Android users don't check an app's permissions when installing, and don't even check if the vendor is reputable. What many thought was a free game turned out to cost them hundreds, if not thousands.

Luckily, Google took these apps off of the market, so they specifically are not a danger. However, this kind of malware can and will appear again. The only option is for users to be careful about what they download, same as with computer applications. Make sure you trust whoever is giving you the app, and make sure the app doesn't ask for strange permissions.

Michael Harran said...

http://news.cnet.com/8301-1009_3-57328575-83/androids-a-malware-magnet-says-mcafee/

There are a number of different types of malware affecting Android phones these days. One specific type is a trojan that records phone conversations and sends them to the attacker.



The attacker sends SMS messages to the user and the user opens them. This probably installs or puts a piece of code on the phone and infects it. Many users probably open messages without regarding who they are from.



I would tell smartphone users to be careful what they download and what messages they open. If you do not know who or what just messaged you, disregard it. Also, if you are downloading apps, at least see if other people downloaded them and didn't have problems.

Anonymous said...

http://mtc.sri.com/iPhone/

The iKee.B (duh) iPhone malware is really just a teenager who found holes in the idea of jailbreaking iPhones. This malware was released all over Europe. The malware was used to control the phone, and demand a $5 ransom to remove the infection from the phone. The teenager behind the infection realized that after jailbreaking Dutch iPhones from T-Mobile, the phones were configured with an SSH network service with the known default root password of 'alpine'. Basically, users should be smart and change passwords, especially when they are basic root passwords used for multiple devices like smartphones.

Phil said...

http://dkgadget.com/android-walkinwat-trojan-steals-your-personal-data/

This is a type of malware for Android. It's called Android.Trojan.Walkinwat. This is a malicious app that looks like a free version of paid software. When this is downloaded it steals your personal information. It sends your username, phone number, your unique device identifier, and other phone data. This malware can switch your device on or off, it can start and end calls, and it can access the internet. It also sends a text message to all of your contacts with the link of where to download the malware. To be safe from this malware I would advise owners of Androids to be careful with what they download and to know whether or not the app is safe before you download it.

Tom said...

http://about-threats.trendmicro.com/Malware.aspx?language=us&name=AndroidOS_DROIsnake.a

This malware finds the current GPS coordinates of the affected phone and posts them via HTTP POST.

Its vulnerability is that it pretends to be an average snake game, but secretly it downloads another malware, GPS Spy, which then could locate where the phone's GPS coordinates are.

The advice here is simple: be careful of what you download, and think twice before entering your e-mail on everything you download.