Posted on 07/31/2010 5:46:09 AM PDT by Gomez
The root-kit tool was released to "to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages," according to report by Reuters.
"It wasn't difficult to build," said Nicholas Percoco, who leads Spider Labs. Working with a colleague, Percoco said it took about two weeks to develop the tool, which allows nefarious users to take control of the device and steal email and text messages.
Percoco distributed the root kit on DVDs at the Defcon conference, which is a meeting of around 10,000 security experts who can attend anonymously. Reuters noted that "law enforcement posts undercover agents in the [Defcon] audience to spot criminals and government officials recruit workers to fight computer crimes and for the Department of Defense."
Security issues hitting Android are contradicting the perception that malicious attacks are primarily directed at the largest installed base. The global installed base of Apple's iOS devices is at least four times as large as Android, which despite a lot of media attention, is still similar to Microsoft's beleaguered Windows Mobile in terms of market share.
Android's open-ended security defended
A day ago, security researchers at Lookout reported the potential for mobile software to take invisible actions that users were not aware were happening, noting that many apps on all platforms can gain access to private data, and specifically calling out a wallpapers app on Android for collecting device data, phone numbers, and voicemail numbers of users who downloaded the app, forwarding the information to servers in China.
At least one Android blog, Android Tapp, rushed to defend the platform, insisting that an initial report by Venture Beat was inciting "fear. uncertainty and doubt" by describing the data collection as "malicious."
The blog indicated that there was nothing wrong with developers collecting Android users' data without disclosure and for unknown purposes, suggesting instead that users should anticipate the full consequences of downloading third party software based on the permissions that software requests during installation.
While defending the developer involved in harvesting Android users' phone numbers, voicemail phone numbers, and device IDs through his "Jackeey Wallpaper" app, the Android fan blog pointed out that other Android wallpaper apps request permissions to read phone call information, read SD Card storage, and access contact data.
Following Lookout's report, Google pulled the wallpaper app in question, but other apps that do the same thing while requesting even more access to users' data are still available for download.
"True all users should indeed be aware of what they are installing from the Android Market," the Android blog concluded. "But was the mass negative press without covering the complete story warranted???"
ping
I just had to wipe out the OS on my blackberry. My lib ex put spyware on my phone. She was reading all my texts and emails.
I have a problem. I do not know what an android phone does or what it is. Any links?
So kind if these security experts. I suggest they be invited outside the building and given a 21 baseball bat salute.
ping
You gotta be kidding!
More like, 100 real security experts, 400 undercover cops, and 9,500 hackers and wannabee hackers.
Not that there's anything wrong with that...
But... but... I thought small marketshare granted immunity! I mean, I've always been told the only reason Windows had all the viruses and Mac OS-X had none was that virus-writers only target the largest installed base... /s
Heh, and the "marketshare / security" argument takes yet another body blow.
Wow! Vicious AND smart!
My theory is that if you don't know what something is, you probably don't it, anyway.
Link here.
Yet another reason why my cell phone is a nice, plain "stupidphone" (LG-VX5500 series). Cheap, reliable, and doesn't run any apps.
My phone contacts are MY business, thank you...
Vicious and smart?
Nothing is more vicious and smart than a woman getting a Phd in Social Work. Actually there is tons of spyware out there.(I found out). The requirement is being dumb enough to leave my phone unsupervised and unlocked while sleeping. It takes 10 minutes. I guess this is why Obama caught hell over wanting a blackberry. They can be hacked.
I’m waiting to see the reviews of Windows Phone 7 sets before making a decision on my first non-company smartphone. Will it be iOS4, Droid, BlackBerry, or WP7???
Same with me! But I'm finding it harder and harder to get along in my workplace without using text messaging. Used to be just having a cell phone was good enough...everybody could get in contact with me anywhere. But now, everybody's doing the texting thing, and I'm finding myself left out of the communications loop because I don't have text capabilities.
My LG has texting capability, though with only the phone keypad it's painfully slow and annoying. I use it occasionally -- it has the advantage (out here in the boonies) that text msgs can be sent and received even when voice calls can't, e.g. if the radio signals are really weak. Which happens a lot.
Maybe this helps.
“Android takes Q2 smartphone market share lead in US with 886 percent year-over-year growth:
http://www.engadget.com/2010/08/02/canalys-android-takes-q2-smartphone-market-share-lead-in-us-wit/
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
