Android Apps Hacked
Google has pulled 21 popular free apps from Android Market, the official company store for purchasing apps for Android smartphones.
As a result of being the most open of the top-selling smartphone platforms, Android has been the most intensely probed and attacked by malicious software developers.
Up until now most of the Android malware had been found outside of the Android Market, says Tim Armstrong, malware researcher at Kaspersky Lab. The breakthrough in this hack: The bad guys were able to plant poisoned copies of 21 popular apps in Android Market.
Another, more subtle breakthrough has to do with the way the hackers were able to include a "jailbreaking" component embedded in the poisoned apps that they managed to slip into Google's official apps store.
Jailbreaking refers to gaining root access to your phone's operating system. It is most commonly associated with iPhones. You need to jailbreak Apple's security to plant any malicious code on the iPhone. There have been a number of successful jailbreaking hacks of the iPhone, but this is not something that is trivial to do.
In this case, says Armstrong, the hackers made available poisoned apps carrying the capacity to gain root access to the Android operating system. (Technologists refer to this as "rooting" the Android, the equivalent of "jailbreaking" an iPhone.)
In essence, the 21 poisoned apps came preloaded to root the Android OS as the first step in corrupting the phone. Google says the poisoned apps were designed to harvest a wide range of available data and download more malicious instructions. At least 50,000 Android users downloaded a poisoned app before Google -- alerted by the Android Police bloggers -- intervened.
Lookout Mobile Security says it has discovered more similarly poisoned apps. "In all, more than 50 apps, including those from Myournet, have been identified and suspended from the market," says CTO Kevin Mahaffey.
Re: Android Apps Hacked
i-boiz & droidbots beware...
Re: Android Apps Hacked
I saw the story. The way I understood it is someone with rights to publish in the store took existing apps from another publisher, added the malware code, and published the modified app with a similar name to the original.
The lesson I took from it is that even with a BlackBerry users are going to need to pay attention to what they are doing and not blindly download and install apps, even from app world, and evaluate the permissions required and whether they make sense for the app. Nothing is going to get on your BlackBerry without you allowing it, so you are the vulnerability.
An interesting fact for me is that google not only removed the apps from the store, but from user's handsets. That's good in this instance, but would bug me. Reminds me of when Amazon was in a fight with a publisher and pulled a book from the Kindle devices of customers who had already purchased the book. I still have both of my feet in the old world of hardcover books.
Posted via BlackBerryForums.com Mobile
|All times are GMT -5. The time now is 10:15 AM.|
Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.