Lookout security executives presented at the Black Hat conference in Las Vegas their discovery that a popular Android app stole user info. (Source: VentureBeat)
Millions of users expected My Little Pony and other wallpapers, but ended up getting their passwords stolen. (Source: Mike to the Max)
Personal information may be exploited for nefarious purposes
If
you download Jackeey Wallpaper from Google's Android Market for your
smartphone, you might want to start worrying just about now.
The popular app has been exposed as potentially being a
piece of malware designed to steal your personal info and
send it to China.
John Hering, chief executive, and Kevin
MaHaffey, chief technology officer at Lookout,
a mobile security firm, revealed the
stunning news at their presentation at the Black
Hat security conference in Las Vegas today. States
MaHaffey, "Even good apps can be modified to turn bad after a
lot of people download it. Users absolutely have to pay
attention to what they download. And developers have to be
responsible about the data that they collect and how they use
it."
Jackeey Wallpaper was downloaded millions of times
(between 1.1 million and 4.6 million to be precise). It offers
popular wallpapers, such as My Little Pony and Star
Wars.
Other apps by developer iceskysl@1sters are also collecting similar
info.
The app collects your phone’s SIM card number,
subscriber identification, and even your voicemail password and sends
it to www.imnet.us -- a website owned by someone in Shenzhen,
China.
The app warns when attempting to access your "phone
info", but many users have reportedly ignored this vague
warning. At least Android has some warning
on its approved apps though -- there's no warning on approved apps
trying to access your private data on the iPhone/iPad. Users
can disable apps ability to access personal data in their Apple
device's settings manually, though.
Lookout has studied over
100,000 Apple and Android apps and has found that 47 percent of
Android apps and 23 percent of iPhone apps collect some sort of user
information. Some uses appear to be not directly malicious,
such as collecting
location information to target ads.
The security firm
says that Apple and Google are doing a good job policing
overtly malicious apps, but that they're having trouble handling
apps who behave in a strange, but unclear fashion. For example
no one knows yet whether the Jackeey Wallpaper app did anything
malicious with users' voicemail passwords.
App security issues
came in to sharp focus over the last month when at
least hundreds of iTunes accounts were hacked and app and
in-app purchases racked up as much as $1,000 on some users accounts.
Apple was unsympathetic about the incident, suggesting users resolve
it with their credit card companies. Some of the companies
didn't even have iPhones, but Apple apparently does not consider this
when allowing app purchases.
"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson
|
Most Popular ArticlesHigh School Student Creates Storage Device that Can Charge in 20 Seconds
May 20, 2013, 6:51 AM
Google Announces "Pure" Galaxy Nexus S4 for $649, Android Updates
May 15, 2013, 1:42 PM
Seawater Cooling Saves Data Center Big Bucks, Energy, Despite Jellyfish Issues
May 17, 2013, 3:23 PM
U.S. Federal Traffic Board Wants to Make Drunk Driving Threshold Far Harsher
May 15, 2013, 11:32 AM
Newegg Legal Chief: "We don't Feed the Trolls"; Defeats Bell Lab Shell Comp.
May 17, 2013, 10:11 AM
|
