FBI warns that Android phones are havens for malware

[paulsalter]

All in all, users should be using the same precautions on their mobile phone as they do on their computers.

Exactly, use a bit of common sense when installing apps

If I download dodgy apps from a torrent site or some other unknown source (for any platform) it's risky

If google are allowing software like this, I would like to see a play store link for it, or the name of the app

 

[thewitt]

Apparently FinFisher, which is mentioned in that link you posted, can also take control of iPhones. http://www.bgr.com/2012/08/30/iphone-android-malware-finfisher/

Android is definitely not boring and if it is then iOS is more boring.

Applications cannot be installed on a stock iPhone by just visiting a website. There is no way for the trojan portion of this spy app to sneak onto your stock iPhone.

 

[paulsalter]

Applications cannot be installed on a stock iPhone by just visiting a website. There is no way for the trojan portion of this spy app to sneak onto your stock iPhone.

Applications cannot be installed on stock Android by visiting a website as default

you have to specifically go in and enable the option to install from outside google play, then you can install from anywhere

 

[VulchR]

Managed to stay malware free since 2009 on Android....

So you think, so you think.

 

[munkery]

Can someone please post a link to an app in google play that has malware/virus? It's such a huge problem it should be very easy.

If it is known to be malware, it would have already been pulled from google play.

But, malware has been found in google play.

http://blogs.cio.com/mobile-securit...trates-google-play-store-infects-100k-devices

http://news.cnet.com/8301-1009_3-57470729-83/malware-went-undiscovered-for-weeks-on-google-play/

 

[blackhand1001]

If it is known to be malware, it would have already been pulled from google play.

But, malware has been found in google play.

http://blogs.cio.com/mobile-securit...trates-google-play-store-infects-100k-devices

http://news.cnet.com/8301-1009_3-57470729-83/malware-went-undiscovered-for-weeks-on-google-play/

There have been similar malware in the app store over time as well.

 

[zbarvian]

There have been similar malware in the app store over time as well.

Like one.

 

[SlCKB0Y]

I can do 100 x more with a jailbroke device than I can with a rooted android device. I had a 10" toshiba thrive tablet rooted,I gave away besides only a couple of themes there is not much to it. With a jailbroke iPad/iPhone there is 100's of tweaks,themes and other stuff u can do. Heck you can take a jailbroke iPod and walk in to a business and hack their servers and they would not know it was you.

And beside that how many diff OS does android have. There is no telling what OS you will have on what device. They need to get their crap together

I honestly can't tell if this post is meant to be serious or not...

 

[iAi]

iPhone is not boring.

You can jailbreak or not jailbreak and have fantastic user experience etc regardless. And the very best apps (without worrying about malwares and such).

Oh, one more thing ...

 

[munkery]

There have been similar malware in the app store over time as well.

None that included privilege escalation which is required to produce banking malware and other malware that cause financial loss to the user.

The app in the App Store used users contacts to send spam about the app to get more users to download it. Official APIs allow access to contacts but iOS 6 requires the user to allow that access.

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

 

[faroZ06]

Is a jailbroken iPhone as safe as a non jailbroken iPhone? I ask the question because I don't know the answer.

Yes, but you could install apps that aren't safe. Same goes with Android vs un-jailbroken iOS. Most of the FBI warning applies to both un-jailbroken iOS and Android, leaving out the malware part.

----------

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

I wouldn't consider iOS itself safer than Android, but the walled garden App Store makes it safe. Remember that the root password on all iOS devices is, by default, either "alpine" or "dottie". The system of jailbreaking your iOS device if you know how to is good, and a jailbroken iOS device can typically do more than an Android device. Cydia is loaded.

----------

Applications cannot be installed on a stock iPhone by just visiting a website. There is no way for the trojan portion of this spy app to sneak onto your stock iPhone.

iOS 4 did have that vulnerability. You could jailbreak your iOS device by visiting a website!!! Good thing this was used for good and never for evil.

----------

Can someone please post a link to an app in google play that has malware/virus? It's such a huge problem it should be very easy.

This is more about the possibility of malware, and I'm confident that all known malware has been removed by now. I know this isn't malware, but it shows the freedom that Android gives its apps, which is not a good sign: https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en

 

[xuselppa]

None that included privilege escalation which is required to produce banking malware and other malware that cause financial loss to the user.

The app in the App Store used users contacts to send spam about the app to get more users to download it. Official APIs allow access to contacts but iOS 6 requires the user to allow that access.

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

Remember that smurf game that allowed kids to make real money transactions without parental approval? Or how about the thousands of people that have had their credit card and personal info stolen via the app store, because Apple security has been a joke. I had my info stolen and a bunch of Chinese crap apps purchased. After that, I never gave Apple my credit card and only used gift cards.
I have yet to have an issue with Google and now that they have Play Store gift cards, I use those.

Do not for one second believe Apple iOS or OSX is more secure than any other system. people used to believe the Mac was safe from viruses, until they realized they weren't. I use Avast on my Mac's and my S3. But I also consider the S3 more like a mini PC, whereas I view the iPhone more like a phone.

 

[kdarling]

Article on ZDNet talks about the FBI news release:

Android malware, FUD, and the FBI - Summary: A badly written FBI warning about Android malware has been taken to be about Android's security, when it's really about idiot users.

Excerpt:

Loozlon is a Trojan horse that Symantec reports as having less than 50 reported instances. FinFisher is a much more serious spyware program.

FinFisher has been around for years on Macs and Windows PCs as "legal" spyware from Gamma International, a UK security company. Recently it's been ported to all the major mobile devices, including Android, Blackberry, and, yes, the iPhone. It is in no way, shape, or form purely an Android problem.

In any case, both programs aren't classic computer viruses. They require users to go above and beyond the call of stupidity to catch them.

With both, you typically need to open a suspicious looking email, then follow a link, and then agree, in Android's case, to download the unknown Android application package (APK). After that, you have to tell your smartphone or tablet to install it even though it's not in Google's Play Store, ignore the malware warning, and then you finally get to infect your device.

In short, these malicious programs don't really infect devices. Maliciously stupid users do. Or, in the case of FinFisher, it might be your employer or your government.

 

[munkery]

Remember that smurf game that allowed kids to make real money transactions without parental approval?

Not malware.

The issue was parents not properly configuring settings.

Or how about the thousands of people that have had their credit card and personal info stolen via the app store, because Apple security has been a joke.

Link to credible source stating users credit card info stolen via App Store?

Do not for one second believe Apple iOS or OSX is more secure than any other system.

Android has a higher incidence rate of malware and infections than OS X despite OS X being a desktop OS which is supposedly more liable to attack.

This is because many Android devices are not fully patched and contain known vulnerabilities such as privilege escalation vulnerabilities that allow installation of malware the bypasses user space security mitigations.

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/

 

[munkery]

Article on ZDNet talks about the FBI news release:

Android malware, FUD, and the FBI - Summary: A badly written FBI warning about Android malware has been taken to be about Android's security, when it's really about idiot users.

Excerpt:

The critique in that article doesn't apply to all Android malware.

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/

http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf

http://www.zdnet.com/blog/hardware/millions-caught-up-in-android-botnet/17891

 

[xuselppa]

Not malware.

The issue was parents not properly configuring settings.



Link to credible source stating users credit card info stolen via App Store?



Android has a higher incidence rate of malware and infections than OS X despite OS X being a desktop OS which is supposedly more liable to attack.

This is because many Android devices are not fully patched and contain known vulnerabilities such as privilege escalation vulnerabilities that allow installation of malware the bypasses user space security mitigations.

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/

I don't need to provide a link to Apple giving out people's info after a hacker answers a simple question and then gains full access to your account. It has been in the news and it personally happened to me. Like I said, after that I never gave Apple my credit card info and only redeemed iTunes cards. I do the exact same thing with Google Play Store cards.

And Android does have a higher rate of malware incidents over osx, for one simple reason. There aren't half a billion Mac's in the consumer space with 1.5 million purchased and activated daily, like Android based phones. Nor does Google limit who can use their OS on hardware, unlike Apple.

But we can also make the argument that all those 2nd and 3rd Gen ipods, ipad 1's and 3gs iPhones that can't run iOS 6 are still susceptible to Comex's jailbreak. So what is that? About 50 million iDevices still vulnerable to malware exploits.

It is ridiculous to argue that Apple is this perfect place where no bad will ever come to you. It's also insane not to protect your data, whether you think you need it or not. What is irnoic is that malware tends to be an indicator of the popularity of a platform. Outside the US, the iPhone just doesn't match the hype in the US. So why bother going after a tiny platform, when the masses use Android.

 

[munkery]

I don't need to provide a link to Apple giving out people's info after a hacker answers a simple question and then gains full access to your account. It has been in the news and it personally happened to me. Like I said, after that I never gave Apple my credit card info and only redeemed iTunes cards. I do the exact same thing with Google Play Store cards.

That individual was a victim of a targeted attack. Much of his personal information was easily accessible on the web which facilitated the attack.

What motivation did hackers have to do the same to you?

There have been no widespread reports of this occurring to other individuals on a large scale.

That hacking didn't start with Apple.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter.

The initial problem occurred with Amazon then that compromised information was used to compromise the Apple account.

Those security lapses are my fault, and I deeply, deeply regret them.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

And Android does have a higher rate of malware incidents over osx, for one simple reason. There aren't half a billion Mac's in the consumer space with 1.5 million purchased and activated daily, like Android based phones. Nor does Google limit who can use their OS on hardware, unlike Apple.

Mac OS X overall market share = 6.30%

iOS overall market share = 5.67%

Android overall market share = 2.00%

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

But we can also make the argument that all those 2nd and 3rd Gen ipods, ipad 1's and 3gs iPhones that can't run iOS 6 are still susceptible to Comex's jailbreak. So what is that? About 50 million iDevices still vulnerable to malware exploits.

iPhone 2G and iPod 1st gen running 3.1.3 are affected.

iPhone 3G, iPod 2nd gen, and iPod 3rd gen running 4.2.1 are not affected.

iPad 1st gen running 5.1.1 is not affected.

All other iOS devices run iOS 6.

So, only a very small percentage are affected by those known vulnerabilities. I suspect that many of those devices are no longer in use.

Also, users can't install software from anywhere. Leveraging that exploit via the browser requires more skill than that of the typical malware developer. And, it is not likely any one will bother doing so given how much easier it is to target Android.

It is ridiculous to argue that Apple is this perfect place where no bad will ever come to you. It's also insane not to protect your data, whether you think you need it or not. What is irnoic is that malware tends to be an indicator of the popularity of a platform. Outside the US, the iPhone just doesn't match the hype in the US. So why bother going after a tiny platform, when the masses use Android.

Market share data shows that far more iOS devices are in use. See link found earlier in this post.

I didn't say that is was perfect. Just better than the alternatives.

 

[daveathall]

Yes, but you could install apps that aren't safe. Same goes with Android vs un-jailbroken iOS. Most of the FBI warning applies to both un-jailbroken iOS and Android, leaving out the malware part.

Thank you.

 

[xuselppa]

That individual was a victim of a targeted attack. Much of his personal information was easily accessible on the web which facilitated the attack.

What motivation did hackers have to do the same to you?

There have been no widespread reports of this occurring to other individuals on a large scale.

That hacking didn't start with Apple.

My point wasn't about where the hacking started, but rather the lax Apple security. And I wasn't specifically targeted, my credit card info, which was on file with Apple (thank you iTunes for requiring my personal credit info just to get an account) was stolen, along with thousands of others over the past few years. And yes, it was a serious problem, just not an acknowledged one. Kind of like Jobs pretending there was no antenna issues with the ip4. All I am saying is that Apple does not have some secret force field to prevent malware or hackers from entering their systems and taking info. It does happen, as Apple has made quite a few mistakes allowing certain apps to enter the app store that should have been caught.

Mac OS X overall market share = 6.30%
iOS overall market share = 5.67%
Android overall market share = 2.00%
http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

LOL. Nice find. Unfortunately, this link isn't based on sales or actual products, but instead on stock browser aggregate hits to sites associated with Netmarketshare. This is great for iOS devices because most use Safari for browsing. Android users tend to use many different browsers and a lot of users surf anonymously.
But if you want to believe what these guys say, then you will be happy to know that the iPad marketshare is 37% and iPhone is only 25%. Makes perfect sense right? LOL

Here are IDC stats based on real sales data:

Global Smartphone shipments reported August 8th.

And July data of smartphone sales globally by manufacturer:

iPhone 2G and iPod 1st gen running 3.1.3 are affected.

iPhone 3G, iPod 2nd gen, and iPod 3rd gen running 4.2.1 are not affected.

iPad 1st gen running 5.1.1 is not affected.

All other iOS devices run iOS 6.

So, only a very small percentage are affected by those known vulnerabilities. I suspect that many of those devices are no longer in use.

Incorrect. All devices prior to the install of iOS6 are vulnerable to comex's root exploit.Apple just now shut that one down. But as I recall Musclenerd, i0n1c and the rest had 7 or 8 other exploits from 5.1.1 that Apple didn't know about. And isn't it funny that it took Apple hiring Comex in order for them to close his exploit?

As for Android, so many of those rogue programs go back to the days of Eclair and Froyo so I suspect that many of those devices are no longer in use.

Also, users can't install software from anywhere. Leveraging that exploit via the browser requires more skill than that of the typical malware developer. And, it is not likely any one will bother doing so given how much easier it is to target Android.

Source for your claim? Did you use Absynthe jailbreak for ios5?

And hackers go after Android because it is the most used and popular mobile OS, not because it is easier. Same with Windows vs OSX or Ubuntu or Linux...

 

[munkery]

My point wasn't about where the hacking started, but rather the lax Apple security. And I wasn't specifically targeted, my credit card info, which was on file with Apple (thank you iTunes for requiring my personal credit info just to get an account) was stolen, along with thousands of others over the past few years. And yes, it was a serious problem, just not an acknowledged one. Kind of like Jobs pretending there was no antenna issues with the ip4. All I am saying is that Apple does not have some secret force field to prevent malware or hackers from entering their systems and taking info. It does happen, as Apple has made quite a few mistakes allowing certain apps to enter the app store that should have been caught.

This type of hacking occurs when the user doesn't properly secure their own accounts.

Weak passwords, password reuse, falling for phishing scam and etc.

LOL. Nice find. Unfortunately, this link isn't based on sales or actual products, but instead on stock browser aggregate hits to sites associated with Netmarketshare. This is great for iOS devices because most use Safari for browsing. Android users tend to use many different browsers and a lot of users surf anonymously.
But if you want to believe what these guys say, then you will be happy to know that the iPad marketshare is 37% and iPhone is only 25%. Makes perfect sense right? LOL

The user agent info collected shows the OS in use as well as the browser so the browser used doesn't impact the OS info.

Private browsing doesn't impact the collection of this info; it only prevents the browser from saving data from a browsing session.

That Netmarketshare data is relevant.

Incorrect. All devices prior to the install of iOS6 are vulnerable to comex's root exploit.Apple just now shut that one down. But as I recall Musclenerd, i0n1c and the rest had 7 or 8 other exploits from 5.1.1 that Apple didn't know about. And isn't it funny that it took Apple hiring Comex in order for them to close his exploit?

The Jailbreakme exploits could be leveraged via the browser and used in malware.

The other jailbreaks, including the untethered jailbreaks, start with a string of exploits that begin with a bootrom exploit. Bootrom exploits can't be leveraged directly from the browser so jailbreaks other than Jailbreakme are not applicable in malware.

As for Android, so many of those rogue programs go back to the days of Eclair and Froyo so I suspect that many of those devices are no longer in use.

Read the following article:

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/

Source for your claim? Did you use Absynthe jailbreak for ios5?

Absinthe jailbreak starts with a bootrom exploit. See above for more info. I don't jailbreak.

And hackers go after Android because it is the most used and popular mobile OS, not because it is easier.

iOS has the larger market share.

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

Android is an easier target.

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/

http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf

http://www.zdnet.com/blog/hardware/millions-caught-up-in-android-botnet/17891

Here are IDC stats based on real sales data:

That represents only smartphone shipments/sales for one quarter.

It doesn't include tablet sales which are included in the same OS market share.

The following from the same link you provided represents the smartphone only market share but factor in the iPad and you get the numbers I provided.

 

[xuselppa]

This type of hacking occurs when the user doesn't properly secure their own accounts.

Weak passwords, password reuse, falling for phishing scam and etc.



The user agent info collected shows the OS in use as well as the browser so the browser used doesn't impact the OS info.

Private browsing doesn't impact the collection of this info; it only prevents the browser from saving data from a browsing session.

That Netmarketshare data is relevant.



The Jailbreakme exploits could be leveraged via the browser and used in malware.

The other jailbreaks, including the untethered jailbreaks, start with a string of exploits that begin with a bootrom exploit. Bootrom exploits can't be leveraged directly from the browser so jailbreaks other than Jailbreakme are not applicable in malware.



Read the following article:

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/



Absinthe jailbreak starts with a bootrom exploit. See above for more info. I don't jailbreak.



iOS has the larger market share.

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=

Android is an easier target.

https://blog.duosecurity.com/2012/0...ay-over-50-of-android-devices-are-vulnerable/

http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf

http://www.zdnet.com/blog/hardware/millions-caught-up-in-android-botnet/17891



That represents only smartphone shipments/sales for one quarter.

It doesn't include tablet sales which are included in the same OS market share.

The following from the same link you provided represents the smartphone only market share but factor in the iPad and you get the numbers I provided.

Good God my man. You are completely and utterly out in left field. You are countering your own stats and points. Do you realize this?

NETMARKETSHARE is an aggregate data collection point reading stock browsers based on OS version. They are unable to determine if I am using an S2 on ICS, S3 on ICS, or a HP Touchpad running ICS and using Maxthon, Opera, Opera mini, and so on browsers. Additionally, they can only extract data from a few websites out of the whole internet. Do you understand the difference between actual sales of devices reported by independent sources (like the IDC ) and manufacturers vs some website collecting browser stats? And even that website contradicts the most basic known facts. i. e. They state that the iPad has more marketshare than the iPhone! If you believe that, I have a bridge to sell you in Brooklyn.

And here is a fact for you: Samsung, all by itself, sold more Smartphones last quarter than Apple sold iPads and iPhones COMBINED. I won't even get in to how far off you are on your idea that Android makes up less marketshare than iOS.

And now read your first couple of responses above and now here is one of you previous posts from this thread. You are contradicting yourself.

None that included privilege escalation which is required to produce banking malware and other malware that cause financial loss to the user.

The app in the App Store used users contacts to send spam about the app to get more users to download it. Official APIs allow access to contacts but iOS 6 requires the user to allow that access.

Android has banking malware, premium rate malware, and other malware that are much more problematic than the single example of spam malware from the App Store. This is because Android has many known privilege escalation vulnerabilities that allow user space security mitigation to be bypassed.

Quite frankly this is an exercise in futility for me. You can't understand the stats, so I can not have an intelligent debate with you. For this reason, I shall not respond further to this thread.

 

[cynics]

If it is known to be malware, it would have already been pulled from google play.

But, malware has been found in google play.

http://blogs.cio.com/mobile-securit...trates-google-play-store-infects-100k-devices

http://news.cnet.com/8301-1009_3-57470729-83/malware-went-undiscovered-for-weeks-on-google-play/

Sorry, I'm confused.....there is so much malware/virus in the play store but you are showing links of something that happened?

What I'm saying is I can find a virus for PC currently on the internet. I was just looking for malware/virus currently in the play store. I keep hearing its a huge problem.

 

[munkery]

Good God my man. You are completely and utterly out in left field. You are countering your own stats and points. Do you realize this?...

The amount sold last quarter doesn't represent the total amount sold since the initial release of devices that run each mobile OS.

iOS was released more than a year before Android and sales of Android devices took longer to initially ramp up, especially for sales of Android tablets.

More iOS devices have been sold since the initial release of iOS devices than Android devices have been sold since the initial release of Android. This number may be very close now.

If you look at mobile device sales for quarters in which new iOS devices are released, iOS obviously has a higher rate of shipments and sales than in quarters when no new devices are released.

Android devices are steadily narrowing the gap of the head start afforded to iOS devices due to higher sales rates more recently but recent sales statistics doesn't represent total market share.

The hardware manufacturer doesn't matter because it is the OS that is targeted by malware. Also, mobile device manufacturers, such as Samsung, don't only produce Android devices.

Sorry, I'm confused.....there is so much malware/virus in the play store but you are showing links of something that happened?

What I'm saying is I can find a virus for PC currently on the internet. I was just looking for malware/virus currently in the play store. I keep hearing its a huge problem.

If I was aware of malware in Google Play, then most likely Google would be aware of it and it would be pulled from Google Play.

Obviously, I can only post links to incidences of malware being in Google Play.

__________

Ok, here are some better stats. It shows Android with a slight lead but it also shows the trend of how Android market share has only rumped up recently.

These market share numbers don't justify the enormous difference in the amount of malware affecting iOS vs Android given the market share trends.

The difference is due to Android being a much easier target.