Researchers discover first malware to target Google's Android
New Android malware texts premium-rate numbers - Computerworld
New Android malware texts premium-rate numbers - Computerworld
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Researchers discover first malware to target Google's Android
- Thread starter Slick1020
- Start date
optikalillusi0n
Member
Why won't they say what app it is ? Kinda messed up, heh.
Vihzel
Destroying Balls Everyday
The article says it's called "Movie Player"
So it begins.
ThatNewAndroidGuy
Android Enthusiast
Yea its gonna suck, esp at the rate android OS is climbing, while also being open source.
optikalillusi0n
Member
Ack.. I totally missed that. lol, thanks.
Yet another reason I wish I could run apps in a doghouse.
I also wish the Android firewall would work also, but so far, it's no soap for me on the Evo.
grainysand
Android Expert
Do you... do you actually think open-source magically means it's less secure? I'm not sure you get what "open-source" means.
I think he's referring more to the fact that the Android market is virtually unmonitored.
The supreme irony is that 6 months from now, users with rooted phones and AOSP will yawn, because we'll have long since hacked the source to intercept and block outgoing SMS requests to shortcodes and non-American areacodes. Meanwhile, users obediently running official carrier-blessed ROMs will be screwed since carriers won't want to risk having twenty million customers decide to not send votes to American Idol because it would mean having to unblock shortcodes first in the settings menu...
Actually more of a virtual wrapper around the app so that all ports in and out may be controlled or even simulated for study.
Just as a sandbox protects a repository and limits damage done to source by local tinkering, a doghouse protects an OS and limits the damage an app can do by nefarious outreach of network ports.
In some organizations the two terms have a certain interchangeability.
I took it at face value and that the meaning was simply that with open source there might be a higher potential for exploits to be found by direct examination of the infrastructure and privileged-action handling mechanisms.
This has been a well-known and long-term admonition against open source and proponents line up on both sides of the line in the sand to argue for and against its reasonableness and probability.
I didn't say it, but that's how I read it, and I defend that it's at least worthy to keep on the table until this OS matures further and all facts are known.
FWIW - I'm a huge proponent and supporter of FOSS and have been for nearly two decades.
ThatNewAndroidGuy
Android Enthusiast
This is what I meant. To me it's like you have the blueprints for the bank/mansion you want to break into. So they will just look for the doors in the source.
Russian (and now Chinese) hackers are known to be particularly clever.
However, in this case, I think the entire exploit was relying on user laissez-faire and was rather straightforward, from what little I've read.
Regardless of market vetting by any camp, over-trust by users will probably always be the most-used infection vector for any OS, in my opinion.
People often flame me for what I'm about to say, and that's a don't-care for me:
I note that the report on this exploit was given by a anti-virus/malware vendor.
I've noted over the years that the anti-virus/malware vendors seem particularly adept at fixing viruses almost as soon as they're released into the wild - and the more vendors for that sort of thing there are, the more viruses seem to crop up.
People tell me there's no one hiding under my bed and that I have cause and effect wrong.
And I just follow the money.
On this, I'm probably completely wrong. I often am.
In this case, the exploit did accompany a profit motive for the black hats.