backtop


Print 47 comment(s) - last by YashBudini.. on Mar 10 at 2:40 PM

Company will release special removal tool for affected users, is remotely killing apps

Google is reacting quickly to what is perhaps the largest mass infection of users of its Android OS, yet. Rather than keep quiet, Google quickly pulled the 58 malicious apps, which were repackaged versions of legitimate apps (containing extra malicious APKs designed to grab personal information, obtain root access, and install code remotely).

Now it's take even more strident measures to combat the attack, personally reaching out to affected users.  Google began executing its remote kill functionality on the malicious apps Saturday.

It also pushed out an update to affected users phones, which will remove the installed rootkit.  Google sent the following email [source] to the estimated 260,000 Android users:

Hello,

We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

For more details, please visit the Android Market Help Center.

Regards,
The Android Market Team


The flaw that allowed the malware to gain root access without asking for permissions was actually fixed by Google with firmware update Android 2.2.1.  Unfortunately carriers have been extremely sluggish at rolling out updates for Android users, and this is the end result.

Google has repackaged the fix as an individual patch and given it to carriers and handset makers.  But it's up to carriers and their hardware partners to push it down to phone customers as the patch will have to be adjusted to individual hardware configurations.  

In other words Google's keeping busy killing the burglars in the house, but back door is still wide open.  At least it's doing something, though, and giving its customers the decency of communication.

Google is also taking steps to make sure similar malware doesn't reappear in the Android Marketplace.  While the company is vague on specifics, it writes:

We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

According to professional hackers and security researchers, most phones and applications markets have the potential to be infiltrated by malware.  

For example, at Nicolas Seriot, a Swiss iPhone expert, has demoed [white paper] at the annual Black Hat conference an app called "SpyPhone", which showed off how easy it would be to sneak malware into the App Store.  It is unknown if this is being actively done, but Mr. Seriot's whitepaper offered obfuscation code that disguised disallowed strings, offering hackers a clear path to getting their malware into the App Store (the only other necessary steps would be a delayed activation of the malicious activity, and avoidance of using private APIs).


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Googles done decently
By NAVAIR on 3/7/2011 9:33:22 PM , Rating: 2
Both iOS and Android are Unix/Linux or Nix OSes they do the same thing. The big difference in buying an iPhone is; its like buying a computer and not getting the Root or Administrator logon. In order to install software on the iPhone, you have to let Apple do it through 'their' App Store. Apple is the only one that has admin rights unless you Jailbreak the phone, which kills the security and OS updates. Android, as I understand it, gives the user full rights to do what ever he wants on the phone without resorting to hacks. With the Apple iPhone, you give up your freedom for security(, much like the "Patriot Act.") Android with all of its freedom leaves a careless user exposed much like a careless PC user pointing and clicking on everything he sees on the internet (ie, yes, ok, install, open, are you sure,) bypassing all the security built in to the latest versions of Windows. Enterprise environments will not let a Windows user use the machine under a Admin logon mainly for security purposes, although they want to keep the unauthorized apps off the box as well. That is why you cannot "use" as root in Unix and Linux; you logon as root to handle installs and maintenance and then go back as a regular user to 'use' the box. iPhones are "relatively" safer while sacrificing freedom to Steve and Android is much more customizable to the user sacrificing safety in some regards for freedom. Apple through its App Submission Process "vets" the applications for safety before authorizing them and to make sure Steve gets his 30 percent.

As a side note: for all you OSX haters, OSX is a highly customized mixture of open BSD and NEXT OS called Darwin. OSX itself can be thought of as the GUI like Gnome or KDE in Linux. All the Linux BASH commands work. I use Unix, Linux, Windows and OSX; I prefer the rock solid stability of the Unix OS foundation. I compute on OSX now and game on a separate Windows box. On my Macbook Pro, Nvidia GPU, I get almost twice the frame rates under a Windows 7 bootcamp install for Steam games as I do under OSX. For all the Mac users talking about Mac's superior graphics technology, the 3D display drivers suck under OSX. I am not sure if its poor Nvidia driver code since I do not have a ATI GPU to compare it against.


"I f***ing cannot play Halo 2 multiplayer. I cannot do it." -- Bungie Technical Lead Chris Butcher

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki