Reliance Jio & Reliance Mobile Discussion Forums
rajanmehta

Android OS & Apps - Security Threats & Vulnerability


Android overtakes Symbian as the most-attacked mobile OS


McAfee Security in its second quarter Threats Report said that the proliferation of malware on Android was up 76% from the last quarter, coinciding with the platform’s significant increase in popularity over the past year. “The rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cyber-criminals,” the report said.

More:

http://www.reuters.com/article/2011/08/23/us-mcafee-android-malware-idUSTRE77M0WN20110823?feedType=RSS&feedName=technologyNews&dlvrit=56505


Google pulls Android Market malware that exploits SMS hole


Google's reportedly pulled 22 malicious apps after two security firms tipped them off that the malware was tricking users into sending SMS messages to premium-rate phone lines. Android.RuFraud poses as popular games like Angry Birds, Assassin's Creed or Tetris and can affect users across Europe and Russia. Fortunately the apps are easily spotted and deleted, but were downloaded 14,000 times before being pulled.

Via : Engadget


Lookout releases mobile threat visualization app for Android

Mobile security guru Lookout, maker of data backup and security apps for all modern smartphone OSes, announced the release of a new app for Android that will show you where threats are being blocked, as well as the top current threats to your mobile device.

Upon launching the app you are treated to a nifty 3D globe, with successfully blocked attacks represented by particles that fall onto the planet as you scroll along an interactive timeline. Tap on the information button and you are graced with the top three current mobile threats, as well as the breakdown between the proportion of spyware and malware (malware is currently whooping spyware at a 60:40 ratio). The globe on that page also tracks current threats, so you can see hotspots where mobile threats are emerging.

The data is updated every hour, so if security is your thing you can watch as new threats create outbreaks and then get cleared up. Of course Lookout can only track phones with their security software installed, but with 15 million device installs worldwide they should capture a fairly typical cross-section of smartphone users. No word on when we might see Mobile Threat Tracker on other OSes, but if it proves popular we imagine it will show up sooner rather than later.

If you want to try Mobile Threat Tracker out, you can get it on the Android Market. Perhaps this app shouldn't be recommended for the habitually paranoid...

Source : Phonearena


Android bug can lead hackers to grab total control of your phone. Scary stuff.

Clicking on a link in an email that appears to be from a trusted source could lead hackers to take control of your Android handset. A flaw in a component of the open source OS is at fault according to cybersecurity firm CrowdStrike. Once the link is pressed, the virus takes over the phone allowing the hacker to listen in on phone calls and monitor the location of the phone. It is at this point that the hacker has complete control of the phone.

Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, said he researched the problem to point out how mobile devices can be vulnerable to these attacks by hackers. It is the same MO used by hackers on desktop computers. First, find an unknown vulnerability in software, and then take advantage of it by sending malware that is activated via an emailed link or attachment. Alperovitch said, "With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices."

The software used by CrowdStrike to simulate the flaw will attack those phones running Android 2.2, which is 28% of the Android market currently. Next week, the firm says it will have a version of the software that can attack another 59% of Android models, those running Android 2.3. The flaw in the software can be traced to the WebKit browser on the phone.

Back in 2009, a pair of researchers sent malicious code via text messages on the Apple iPhone. Apple quickly repaired the problem after it was publicized. Hopefully for Android users, Google will be able to do the same.

Source : Phonearena, Reuters.


Hacker Demos Android App That Can Wirelessly Steal And Use Credit Cards' Data

http://www.forbes.com/sites/andygreenberg/2012/07/27/hacker-demos-android-app-that-can-read-and-use-a-credit-card-thats-still-in-your-wallet/


Sent from my iPad using Tapatalk HD


Does it mean using version 2.3.4 is safer compared to other versions?


Safety:

1. Use Droidwall (a firewall) to control applications from accessing internet

2. Always check the permissions asked by applications before installations

3. Last, can use PDroid Patch to control the type of access


Got TouchWiz? Some Samsung Smartphones Can Be Totally Wiped By Clicking A Link

Source

Demo Dirty use of USSD Codes in Cellular Network en Ekoparty 2012 VIDEO

Curious to see if your Samsung phone is vulnerable? A chap named Dylan Reeve cobbled together a test site that replaces the reset code with one that prompts your device to display its IMEI number. If your phone willingly offers up its identifier number, well, just be careful of what links you follow until Samsung gets something figured out (and switch to a new dialer app while you’re at it).

At a recent security conference in Argentina, Technical University Berlin researcher Ravi Borgaonkar showed off a slightly disturbing vulnerability that could prompt a Samsung phone to wipe itself completely after an unsuspecting user clicks a link.

Here’s the exploit in a nutshell: a simple line of HTML (which we won’t be reproducing for obvious reasons) goads a vulnerable device into dialing a specific USSD code that triggers a full wipe/reset. According to SlashGear and The Next Web, vulnerable devices include the popular Galaxy S II and S III series, as well as the Galaxy S Advance, Galaxy Beam, and Galaxy Ace.

Well damn.

This whole thing boils down to how Samsung’s TouchWiz dialer handles these USSD codes — stock Android devices like the Galaxy Nexus interpret the code properly and load the key-combination for a reset into the dialer but don’t actually pull the trigger on their own. Meanwhile, the TouchWiz dialer takes things a step further by dialing the code automatically, which in South Park parlance means you’re going to have a bad time.

As it turns out, it’s not just the dialer’s fault here — the way the stock browser handles the “tel:” protocol handler seems partially to blame too. Using Chrome and other third-party browsers seems to help mitigate the issue, though some reports on the xda-developers forum claim otherwise.

That said though, the easiest way for an utter ******* to spread a bit of despair would be to wrap that offending code in an iframe, run it through a URL shortener (as some have already done purely in the name of science), and spread it around. Oh, but it doesn’t end there — Borgaonkar also noted on-stage that a simple text message could also be used as an attack vector, as well as QR codes (only with some QR code scanners) and link sharing through NFC/Android Beam. Samsung hasn’t yet released an official statement on the matter, but representatives have told The Verge that the company is looking into it.

Remote USSD Attack - Prevention
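The mitigation side of the tel: handling described in the post above, as an added example that is not part of the original post or of any Android or Samsung code: a check that an intercepting handler could run on a tel: URI before anything reaches the dialer. The function name, the three actions and the allowed-character policy are assumptions of this example, and the sample inputs are constructed.

```python
from urllib.parse import unquote

SEPARATORS = set(" -.()")        # visual separators a dialer ignores
ALLOWED = set("0123456789+*#")   # this example's policy, not a full RFC 3966 parser
MMI_CHARS = set("*#")            # characters that turn a string into an MMI/USSD code


def check_tel_uri(uri):
    """Return (action, number) for a tel: URI received from a link, SMS or QR scan.

    "pass"   - plain phone number, may be handed to the dialer for prefill
    "warn"   - contains an MMI/USSD code; show it and require an explicit choice
    "reject" - not a tel: URI, empty, or contains characters outside the policy
    """
    scheme, colon, rest = uri.strip().partition(":")
    if not colon or scheme.lower() != "tel":
        return ("reject", "")
    # Work on the raw string: a generic URL parser treats an unencoded "#"
    # as the start of a fragment and would hide the rest of the code.
    subscriber = rest.split(";", 1)[0]      # drop parameters such as ";ext=12"
    number = unquote(subscriber)            # "%23" -> "#", "%2A" -> "*"
    number = "".join(ch for ch in number if ch not in SEPARATORS)
    # A "%" that survives one round of decoding means double encoding;
    # it falls outside ALLOWED and is refused rather than decoded again.
    if not number or any(ch not in ALLOWED for ch in number):
        return ("reject", "")
    if MMI_CHARS & set(number):
        return ("warn", number)
    return ("pass", number)


# Constructed sample inputs. "*#06#" is the standard code that only displays
# the IMEI, the same harmless behaviour the test site in the post relies on.
SAMPLES = [
    "tel:+91-22-5550-0100",
    "tel:5550100;ext=12",
    "tel:*%2306%23",
    " TEL:*#06# ",
    "tel:*%252306%2523",
    "sms:5550100",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} -> {check_tel_uri(sample)}")
```
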


Hmm.. more reasons to hate touchwiz. I love vanilla android more than any custom skin.

Sent from my iPhone like looking (for Sheeps) Galaxy Nexus using Tapatalk 2


Android Flaw Lets Attackers Modify Apps/Steal Data Without Breaking Signatures

The vulnerability affects 99% of Android devices and has existed since Android 1.6, researchers from security firm Bluebox said.

Full Article HERE >> Uncovering Android Master Key That Makes 99% Of Devices Vulnerable

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

While the risk to the individual and the enterprise is great (a malicious app can access individual data, or gain entry into an enterprise), this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) – that are granted special elevated privileges within Android – specifically System UID access.

Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.


SOURCE XDA LINK

The Master Key Vulnerabilities can NOW be FULLY PATCHED... Thanks to XDA

WARNING:-

The following procedure is to be done at your own risk. It may brick your phone if you do it without knowing what you are doing... If you don't want to take such a risk, a simple way to AVOID those vulnerabilities is "Unchecking Install from UnKnown Sources Box in Security Settings" and you will still be safe.

Further the patch may NOT be necessary for those with latest Sammy devices which is said to be patched already. To check if your phone is safe already install BlueBox security scanner (link in step 7) and check beforehand.

This method is better than Norton Security which eats almost 50% of phone's battery life by staying in memory always and still better than ReKey app (root needed) whose functionality is still unconfirmed and again it needs to reside in memory so that your phone will be safe...

--------------------------------------------------------------------

Friends here is the patch for the masterKey (dual) vulnerability... (Of course for rooted users)...

1] First download and install the attached XposedInstaller_2.1.4.apk and then install "Master Key Dual Fix" app from Play Store LINK

2] Run the XposedInstaller, go to the Modules Tab and enable the "Master key Dual Fix" checkBox...

3] Come back to the "FrameWork" Tab and click the "Install/Update" button..

4] Allow root access wherever asked...

5] Then reboot by pressing reboot button...

6] Then run Master Key Dual Fix app and you are done...

7] Install Blue Box security Scanner from play store (LINK) and run to confirm that the vulnerabilities are blocked...

8] Go to the XDA thread in the source link above and click the Thanks button there... (I don't think I deserve one as I am just a messenger of a good thing)

-------------------------------------------

I have checked this on both my rooted Indian RazrMAXX and Verizon RazrMAXX_HD phones (both running JB 4.1.2) and I can confirm it's 100% working great... Now we can again enable the "Install from UnKnown sources" checkbox in security settings...

XposedInstaller_2.1.4.apk

Edited by KanagaDeepan

A new Windows virus has been detected floating in the wild that targets Android devices attached to the PC it has invaded. This particular virus seems to be made to target Korean people, but similar viruses may be floating around the internet. According to the newest Symantec security (malware) bulletin, the virus, named Trojan.Droidpak, will install ADB on the computer by itself and continuously check whether any Android device is connected (with USB debugging enabled). Once it finds an Android device with USB debugging enabled, it installs a fake Google Play Store app called Google App Store (check the screenshot below). Once the fake Google Play Store is installed, it scouts for any authenticated applications of any Korean banks (that's why it is reported to be targeting only Korean people), and if it finds any such apps it prompts the infected users to uninstall the genuine apps from Korean banks and install some fake ones.

Android users can protect themselves from this virus by taking two safety steps: 1) Never leave USB debugging continuously on, so that even if you connect your Android device to some untrusted computer (computers belonging to others) the virus can't affect you. 2) Always try to download apps from the original source, or verify whether you are doing so, and also choose the option to verify the authenticity of apps installed through USB (there will be an option in settings for this).

A detailed report can be seen @ Symantec Blog

figure2_10.png

Self-propagating SMS worm Selfmite targets Android devices


A rare Android worm that propagates itself to other users via links in text messages has been discovered by security researchers.


Once installed on a device, the malware, which was dubbed Selfmite, sends a text message to 20 contacts from the device owner's address book.


Most malware programs for Android are Trojan apps with no self-propagation mechanisms that get distributed from non-official app stores. Android SMS worms are rare, but Selfmite is the second such threat discovered in the past two months, suggesting that their number might grow in the future.


The text message sent by Selfmite contains the contact's name and reads: "Dear [NAME], Look the Self-time," followed by a goo.gl shortened URL.


The rogue link points to an APK (Android application package) file called TheSelfTimerV1.apk that's hosted on a remote server, researchers from security firm AdaptiveMobile said in a blog post.


If the user agrees to install the APK, an app with the name "The self-timer" will appear in the app list.


In addition to spreading itself to other users, the Selfmite worm tries to convince users to download and install a file called mobogenie_122141003.apk through the local browser.


Mobogenie is a legitimate application that allows users to synchronize their Android devices with their PCs and download apps from an alternative app store. The Mobogenie Market app was downloaded over 50 million times from Google Play, but is also promoted through various paid referral schemes, creating an incentive for attackers to distribute it fraudulently.


"We believe that an unknown registered advertising platform user abused a legal service and decided to increase the number of Mobogenie app installations using malicious software," the AdaptiveMobile researchers said.


The security vendor, which claims that its technology is used by some of the largest mobile operators worldwide, said that it detected dozens of devices infected with Selfmite in North America.


The short goo.gl URL that was used to distribute the malicious APK was visited 2,140 times until Google disabled it. That doesn't mean attackers can't create another URL and launch a new attack campaign.


Given its current distribution model, the threat is likely to only affect users who have configured their devices to allow the installation of apps from "unknown sources" -- sources other than Google Play. Most users don't enable this feature on their phones, but some do because there are legitimate apps that are not distributed through Google Play.


"The impact on the user is not only have they been fooled into installing a worm and other software they may not want; the worm can use up their billing plan by automatically sending messages that they would not be aware of, costing them money," the AdaptiveMobile researchers said. "In addition, by sending spam the worm puts the infected device at danger of being blocked by the mobile operator. More seriously, the URL that the worm points to [in the browser] could be redirected to point to other .apks which may not be as legitimate as the Mobogenie app."


