MacDawg

Moderator emeritus
Original poster
Mar 20, 2004
19,823
4,504
"Between the Hedges"
Pretty interesting article on Engadget about Google's kill switch and the need for it

Google flips Android kill switch, destroys a batch of malicious apps

When 21 rogue apps started siphoning off identifying information from Android phones and installing security holes, Google yanked the lot from Android Market, and called the authorities to boot. But what of the 50,000 copies already downloaded by unwitting users? That's what Google's dealing with this week, by utilizing Android's remote kill switch to delete them over the air. But that's not all, because this time the company isn't just removing offending packages, but also installing new code. The "Android Market Security Tool March 2011" will be remotely added to affected handsets to undo the exploit and keep it from sending your data out, as well as make you wonder just how much remote control Google has over our phones. Yes, we welcome our new Search Engine overlords and all that, so long as they've got our best interests at heart, but there's a certain irony in Google removing a backdoor exploit by using a backdoor of its own -- even one that (in this case) will email you to report what it's done.
 

kdarling

macrumors P6
Hubris is always something to avoid. Apple fanboys take note.

According to the last malware survey I saw, there is currently a larger percentage of iOS apps that can send personal info out to remote servers than Android apps.

The iOS user community has the false idea that Apple can or does actually check app store submissions for Trojans.

Not only is that not possible without the source code, but iOS is far more vulnerable to bugs like buffer overrun hacking due to using native code instead of a managed language like Java. This vulnerability is outlined in every iOS update that has included fixes for such security holes.

It's also demonstrated by apps with hidden code, such as that hotspot that a kid developer snuck into a flashlight app. Apple didn't find out about it until it was downloaded by thousands, at which time they pulled it from the store. If Apple can't find something like that in so simple an app, they're not going to find a time delayed Trojan in more complicated apps.

So it's just a matter of time before malware, possibly already in place, is discovered in the Apple App Store. Don't forget that Apple also put in a kill switch, which means they believe there's a possible need for it. Whether or not they'd publicize its use, is up for debate.
 

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
Hubris is always something to avoid. Apple fanboys take note.

According to the last malware survey I saw, there is currently a larger percentage of iOS apps that can send personal info out to remote servers than Android apps.

The iOS user community has the false idea that Apple can or does actually check app store submissions for Trojans.

Not only is that not possible without the source code, but iOS is far more vulnerable to bugs like buffer overrun hacking due to using native code instead of a managed language like Java. This vulnerability is outlined in every iOS update that has included fixes for such security holes.

It's also demonstrated by apps with hidden code, such as that hotspot that a kid developer snuck into a flashlight app. Apple didn't find out about it until it was downloaded by thousands, at which time they pulled it from the store. If Apple can't find something like that in so simple an app, they're not going to find a timed Trojan in more complicated apps.

So it's just a matter of time before malware, possibly already in place, is discovered in the Apple App Store. Don't forget that Apple also put in a kill switch, which means they believe there's a possible need for it. Whether or not they'd publicize its use, is up for debate.

Add to it that MS already announced they have a remote kill switch in WP7 and the power to add in the patch remotely. It is a good idea to have it.

As for Android, I bet that a catch to gain access to the Android Market is having the ability for Google to force that to happen.

At least Google gets on top of fixing exploits like that after they find out about it. With Apple it would have been weeks before they would have patched it. PDF jailbreak, anyone? 2 weeks to fix that major hole.
 

*LTD*

macrumors G4
Feb 5, 2009
10,703
1
Canada
We're waiting patiently.

Just like we've been waiting patiently for that tidal wave of malware for OS X since 2001 . . . that never happened.

There is no substitute for control of the experience. Google is still in short pants, but they're learning. Maybe one day they'll actually get serious about their product and restrict licensing. They sort of half-heartedly tried that with the Nexus One, but it rapidly became clear to them and everyone else that they ain't Apple.

It's all about priorities, and as long as Google's is ads and data-collection, they'll never match the Apple Experience.
 

Melrose

Suspended
Dec 12, 2007
7,806
399
Well, Google already rifles through your email and monitors as much as they can squeeze out of you, so this is hardly surprising.
 

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
Well, Google already rifles through your email and monitors as much as they can squeeze out of you, so this is hardly surprising.

Honestly, I have noticed all email companies do that. They look at what emails come in and use that to build databases. At a company the size of Google, once all personal information is stripped out, it's not like you could have a clue who went with what data.
 

Melrose

Suspended
Dec 12, 2007
7,806
399
Honestly, I have noticed all email companies do that. They look at what emails come in and use that to build databases. At a company the size of Google, once all personal information is stripped out, it's not like you could have a clue who went with what data.

To a degree, any information we send or receive is read and noted. I just don't like it when wealthy corporate shirts do it to make even more money. :p
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
With Apple it would have been weeks before they would have patched it. PDF jailbreak, anyone? 2 weeks to completely fix that major hole.

The Jailbreakme exploit became public on April 3, 2010 and was patched on April 11, 2010. This patch fixed both the local and remote exploit used in Jailbreakme. So, it took 8 days for Apple to fix.

A quick search through the Microsoft Security Bulletin Summary index shows that this publicly released UAC bypass (see also Exploit-db & CVE-2010-4398) in Windows 7 was not patched until February 8, 2011, as shown in ms11-feb.mspx. Contrary to the Microsoft Security Bulletin for this patch, proof of concept code exists for the UAC bypass exploit. So, nearly 2 and a half months.

Interestingly, it is in the same class of exploit used to achieve privilege escalation in the Stuxnet worm that was discovered in July 2010. The win32k.sys exploit used in Stuxnet was not patched until October 12, 2010. So, a little under 3 months.

The win32k.sys exploit in Stuxnet did not work in Vista/7, so another exploit was used to achieve privilege escalation in Vista/7. This Task Scheduler exploit was not patched until December 14, 2010. So, a little under 4 months.

The remote exploit used in Stuxnet was public on July 17, 2010 and patched on August 2, 2010. So, roughly two weeks.

But, those local privilege escalation exploits could have been leveraged by other remote exploits while they remained unfixed.
 
Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
The Jailbreakme exploit became public on April 3, 2010 and was patched on April 11, 2010. This patch fixed both the local and remote exploit used in Jailbreakme. So, it took 8 days for Apple to fix.

A quick search through the Microsoft Security Bulletin Summary index shows that this publicly released UAC bypass (see also Exploit-db & CVE-2010-4398) in Windows 7 was not patched until February 8, 2011, as shown in ms11-feb.mspx. Contrary to the Microsoft Security Bulletin for this patch, proof of concept code exists for the UAC bypass exploit. So, nearly 2 and a half months.

Interestingly, it is in the same class of exploit used to achieve privilege escalation in the Stuxnet worm that was discovered in July 2010. The win32k.sys exploit used in Stuxnet was not patched until October 12, 2010. So, a little over 3 months.

The win32k.sys exploit in Stuxnet did not work in Vista/7, so another exploit was used to achieve privilege escalation in Vista/7. This Task Scheduler exploit was not patched until December 14, 2010. So, a little over 4 months.

The remote exploit used in Stuxnet was public on July 17, 2010 and patched on August 2, 2010. So, roughly two weeks.

But, those local privilege escalation exploits could have been leveraged by other remote exploits while they remained unfixed.

And how many of those were mission critical?
For example, your Stuxnet worm, which could only do real damage with access to a patched zero-day exploit that MS quickly fixed.

Apple is among the worst of the worst when it comes to fixing zero-day or mission critical holes.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
And how many of those were mission critical?
For example, your Stuxnet worm, which could only do real damage with access to a patched zero-day exploit that MS quickly fixed.

Apple is among the worst of the worst when it comes to fixing zero-day or mission critical holes.

I really think you should read my post again.

To patch the remote for Stuxnet took two weeks.

To patch the local for Stuxnet in Windows 7 took nearly 4 months.

That local was still exploitable after the remote was patched via any other remote exploit available during that nearly 4 month period.

Remote exploits obviously allow remote access. Local privilege escalation allows payloads to be installed in more sensitive areas of the system without authentication.
 

Tarzanman

macrumors 65816
Jul 16, 2010
1,304
15
Having used PCs mostly and Macs some I will say this:

The main difference between *critical* bugs in Windows and MacOS is that you actually hear about the ones in Windows.

Apple seems to believe that non-disclosure is a virtue. I have no doubt that more worms exist on Windows... but that also means that unless a Windows user is conscientiously ignorant, they will have a good idea of most of the common vectors for malware infection (first it was disks and usb sticks... then flash, MSIE, PDFs, etc).

Most Mac users have no clue whatsoever. They assume that their machines are safe from exploits and wouldn't know the first thing about how to go about ridding their machine of malevolent code.

But yes, beware hubris. Hipsters and yuppies are buying MacBooks in large numbers. You probably won't ever see infections on as grand a scale as with Windows... most Mac users won't see anything at all due to their lack of sophistication.

Out of sight out of mind, eh?
 

Melrose

Suspended
Dec 12, 2007
7,806
399
Apple is like the government. Delay & deny the problem.

After years their MBPs still run hot. At times so hot they shut down. I've never experienced either with my equally configured ThinkPads.

...I understand maybe you had a problem with your computer, but sheesh, lighten up a bit.
 

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
I think it is good that Google is accepting responsibility and doing something about it instead of just saying "It's up to the user if they download it..."
 

maflynn

macrumors Haswell
May 3, 2009
73,682
43,740

Google did this before, and under the current circumstances it was a good move. Why have the malware on consumers' phones if they have a way to remove it?

Google needs to be more involved to ensure that Android customers are not affected by malware. On one end you have Apple with its closed system that is too aggressive, and having one company dictate what I can read or use is not good. On the other end of the spectrum you have Google with its complete hands-off approach. This hasn't really worked too well when it comes to malware.
 

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
I want to know if Apple has a back door kill switch like that.
I know Google stated publicly that they had this kill switch and they stated that a while ago.
MS has also publicly stated that they have a back door kill switch they can use on all their phones.
Honestly I think it is a good thing to have those switches as it does help fight malware that will get out there.
It is only a matter of time before we see something like that hit the Apple App Store. Do not say "oh, it never will happen"... Apple has already shown that they do not catch this stuff. It would be a cakewalk to do it. Just make sure it has a time release so it gets through the review process before being spotted and has time to get downloaded.

Back on Google and MS: at least they both are up front about it, and Google publicly states when they use their kill switch and what the reason was. As long as it is a good reason (malware) I am fine with it. The reason cannot be to keep the carriers happy or to stop competitors.
 

maflynn

macrumors Haswell
May 3, 2009
73,682
43,740
I want to know if Apple has a back door kill switch like that.
Dollars to donuts, they do. Given the control they exert over iOS, apps and the platform, I cannot help but think they have a mechanism to expunge an app from an iPhone, iPad or iPod touch.
 

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
Dollars to donuts, they do. Given the control they exert over iOS, apps and the platform, I cannot help but think they have a mechanism to expunge an app from an iPhone, iPad or iPod touch.

The better question will be what they will say when they use it, and what the fanboys here bashing Google for doing it will be saying to defend it.

I bet they have it, and I honestly think it is a good idea to have it. You just have to be very careful when you use the nuclear option, and you'd better have a good reason to do it.
 