backtop


Print 47 comment(s) - last by YashBudini.. on Mar 10 at 2:40 PM

Company will release special removal tool for affected users, is remotely killing apps

Google is reacting quickly to what is perhaps the largest mass infection of users of its Android OS, yet. Rather than keep quiet, Google quickly pulled the 58 malicious apps, which were repackaged versions of legitimate apps (containing extra malicious APKs designed to grab personal information, obtain root access, and install code remotely).

Now it's take even more strident measures to combat the attack, personally reaching out to affected users.  Google began executing its remote kill functionality on the malicious apps Saturday.

It also pushed out an update to affected users phones, which will remove the installed rootkit.  Google sent the following email [source] to the estimated 260,000 Android users:

Hello,

We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

For more details, please visit the Android Market Help Center.

Regards,
The Android Market Team


The flaw that allowed the malware to gain root access without asking for permissions was actually fixed by Google with firmware update Android 2.2.1.  Unfortunately carriers have been extremely sluggish at rolling out updates for Android users, and this is the end result.

Google has repackaged the fix as an individual patch and given it to carriers and handset makers.  But it's up to carriers and their hardware partners to push it down to phone customers as the patch will have to be adjusted to individual hardware configurations.  

In other words Google's keeping busy killing the burglars in the house, but back door is still wide open.  At least it's doing something, though, and giving its customers the decency of communication.

Google is also taking steps to make sure similar malware doesn't reappear in the Android Marketplace.  While the company is vague on specifics, it writes:

We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

According to professional hackers and security researchers, most phones and applications markets have the potential to be infiltrated by malware.  

For example, at Nicolas Seriot, a Swiss iPhone expert, has demoed [white paper] at the annual Black Hat conference an app called "SpyPhone", which showed off how easy it would be to sneak malware into the App Store.  It is unknown if this is being actively done, but Mr. Seriot's whitepaper offered obfuscation code that disguised disallowed strings, offering hackers a clear path to getting their malware into the App Store (the only other necessary steps would be a delayed activation of the malicious activity, and avoidance of using private APIs).


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Googles done decently
By tayb on 3/7/2011 8:26:57 PM , Rating: 2
First, I cannot ever remember a scenario where Apple downloaded and installed updates on any of my products without me explicitly saying "Yes, I agree, do this." It prompts me to agree to an action before it downloads and then AGAIN before it installs. This does NOT happen and you know it.

Second, yes I am 100% implying that Google having the ability to remotely install applications on my phone is a BAD thing. A much better solution would have been to attach the application to the email they sent out. I don't like the idea of Google (or anyone) having the ability to remotely delete or install ANYTHING on my phone. So, YES, the fact that Google has this power is a bad thing.

Third, Google and Apple are not in the same boat when it comes to malware apps. Apple has some 20 times as many applications in the App Store and I have yet to see a news article alerting us all about 250,000 iPhone users being infected with malware from a malicious app. When you consider the install base of each OS and the amount of apps for each respective device it becomes pretty clear which eco-system is safer regardless of which company is more "open" when flaws are found.


RE: Googles done decently
By sprockkets on 3/7/2011 8:45:40 PM , Rating: 2
All of you are really stupid: Google removed the malicious app by installing an update to the apps on the phone - that apparently according to the article how the kill switch works.

Apple has a kill switch too (which says something about their app approval process), so stop the incessant whining.


"DailyTech is the best kept secret on the Internet." -- Larry Barber

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki