If you think of your smartphone as just a phone, rather than as a very powerful mini-computer that happens
to be able to make phone calls, think again. The operating systems used on them, Android included, do
not have a stellar security record. And any security system is only as good as its weakest link, and
humans are the weakest link.
The smartphone is the greatest spying machine ever invented. Like the PC and the tablet you own, it
spies on you in several areas, not limited to your shopping preferences (Google holds the delusional idea
that the more it knows about you, the more often you will click its ads ;-). What evil lurks in the hearts
of men? What sites did you visit? What's on your Google Calendar? In your Gmail inbox? What applications
did you download or buy? The inquiring people at Google and at the three-letter agencies want to know!
At the same time, the amount of sensitive data many people store on their smartphones is truly staggering.
In Eastern Europe smartphones are often used for direct access to bank accounts. Because passwords are
difficult to type, the smartphone stores the passwords to Facebook, Twitter and our email accounts. The
phone numbers and email addresses of all our friends and colleagues are readily available in the contacts
directory and are up for grabs by Google (which provides backup), your telecom provider (which also
offers backup), the government, and any malware on your phone.
Think about the consequences if a thief gets his hands on all that data. The smartphone itself, and
smartphone data in particular, are not especially hard to steal. Moreover, smartphones are often simply
lost. If one is not protected by a password, all its data is exposed. Every year thousands of smartphones
are left in the back seat of a taxi, in Walmart and other stores, slip out of a pocket when the owner
sits down, or are left in the seat pocket of a plane, in a bar, by the hotel pool, or on a conference
table after a meeting.
But the most common security threat for Android devices is Windows-style infection of the phone OS by
malware, often downloaded and installed on the phone by the unsuspecting owner. Android malware is a
reality. Google does not release the number of infected smartphones, but it is expected to be in the
millions. Rooted phones are especially susceptible, as they are owned by people who try more things on
the phone than the average user.
In 2013 there were reports of a botnet running on Android phones. That means Google has fallen under the
spell of the "Windows curse", and there is no easy way out of this trap.
Of course, any user can easily wipe a smartphone via the "return to factory settings" operation, but few
do that unless the phone badly malfunctions. The problem is that there is no clear separation between
user data and programs in Android (a factory reset wipes the whole data partition), just as there is none
in Unix, so wiping the programs usually means wiping all your data as well. Contacts are the easiest part
for a user to save, as the Android contacts application has an export operation.
Android security architecture
Android got several things right
The Linux kernel and its API are well known and well studied from a security point of view.
All applications are signed. But there are no CA-backed "classes" of signed applications: a self-signed
key is as good as any other (only applications signed with the platform key get the signature-level
system permissions).
All Android applications run on the Dalvik virtual machine (DVM), which is analogous to the Java Virtual
Machine (JVM). Every application, even a built-in system application, executes in its own process with
its own instance of the Dalvik VM. In other words, it operates inside a walled garden of sorts, with no
interaction with other applications unless explicitly permitted. Since starting up individual virtual
machines would be time-consuming and would increase the latency between application launch and startup,
Android relies on a preloading mechanism to speed up the process. The process, known as Zygote, serves
two functions: it acts as a launch pad for new applications (each new application process is forked from
it), and as a repository of live core libraries to which all applications can refer during their life
cycles.
The diversity of devices, builds and ARM variants provides some level of protection against binary
exploits, which often have to be tailored to a specific build.
What mistakes Android developers made
In order for an application to access high-privileged APIs, or even to gain access to user data, it has
to obtain permission from the end user, and most users grant whatever is asked, indiscriminately. The
application developer adds the required permissions to the AndroidManifest.xml file. Then, when installing
the application for the first time, the end user is prompted by the device to grant or deny the specific
permissions required by the application. The user can also easily be tricked into uninstalling a legitimate
application and installing a fake, malicious one in its place.
No lightweight virtualization (something like Solaris zones) is implemented to provide several different
identities for the user, for example one for regular use and another for banking applications.
Solaris-style zones would be perfect for this.
The Java VM implementation is way too complex and is a constant source of security vulnerabilities.
The Linux kernel is way too complex and has fewer modern security mechanisms than the alternatives.
For example, the addition of Solaris-style RBAC would be a good idea. The addition of SELinux in version
4.3 (in permissive mode at first) was late but might still improve security.
Updates are an extremely weak spot of Android. Here Microsoft generally wipes the floor with the Android
developers. In comparison with Android, the Windows 8 update process works like clockwork. You can
complain about quantity and quality, but there is no question that the Windows patching mechanism is
pretty robust and well debugged. Of course it can be hijacked, but that is mainly the domain of three-letter
agencies. Patches for Windows are provided free by Microsoft itself.
In Android this task is offloaded to the vendors. Google ships updates directly only to its own Nexus
devices and publishes the source to AOSP; it provides no patching framework that reaches everyone else's
devices. Everything must be done via the vendors, and the vendors are simply not interested. Some are
better than others, but with an average two-to-three-year device update cycle there is a strong tendency
to cut corners to save costs. And carriers do not want to subsidize the process unless absolutely necessary.
The sad state of Android updates from many smartphone and tablet vendors, such as Samsung, has been widely
criticized by consumer groups and the technology media. Backwards compatibility is a problem for other
smartphone OSes, but it is worst on Android.
Some commentators have noted that the industry has a financial incentive not to update its devices, as
the lack of updates for existing devices speeds up the purchase of newer ones: a kind of "accelerated
obsolescence" play. As the Guardian noted, the bizarrely complicated method of distributing updates is
mainly due to the fact that manufacturers and carriers have great difficulty coping with the extreme
diversity of Android phone hardware. Acceptance testing to make sure everything works on the phone after
an update is an expensive and slow process. Cases where a perfectly good phone became unstable after the
update from 4.0.x to 4.1.x are plentiful.
In 2011 Google partnered with a number of industry players to announce an "Android Update Alliance",
pledging to deliver timely updates for every device for 18 months after its release. As of 2013 the
alliance has never been mentioned since (Ars Technica). The companies were happy to make noises about
cooperating to improve the situation, but they had no real incentive to do so.
"Due to the fractured nature of the Android network, it is very difficult for patches to reach all users
in an effective timeframe. In some cases, users will never get patches as vendors leave their customers
at risk of attack," JD Sherry, vice president of technology and solutions at Trend Micro, said in a
statement. "Until we have the same urgency to protect mobile devices as we have for protecting PCs,
this very real threat will continue to grow rapidly. At the rate this malware is accelerating–almost
exponentially–we appear to be reaching a critical mass. To fight this, Android users need to take great
care when using their devices and take the simple, but effective, step of adding security software to
all mobile devices." (eWeek, http://www.eweek.com/small-business/android-security-threats-rise-online-banking-malware-jumps)
Eventually the lack of security updates *is* going to become an issue, at which point the whole ecosystem
is going to be in serious trouble. Google is clearly buying into the "your phone is your wallet" metaphor,
and "your phone is a wallet that practically anyone can steal from" isn't nearly as appealing a notion ;-)
Many users resent the absence of root access to their devices and consider it an attempt to replicate the
Apple-style ecosystem: a completely closed ecosystem whose implicit purpose is to extract more money from
users. I myself consider this situation unacceptable, as you cannot fully back up and restore the device
yourself. The only option available to users is to restore the device to factory defaults, which is better
than nothing but a far cry from the capabilities of a modern OS.
Going to factory defaults is, for obvious reasons, a "last resort" solution, although you can adapt to it
by backing up "user space" and reinstalling applications; the latter can be scripted. But like any
situation with severe restrictions on user behavior, it creates a wave of "Google hate" among advanced
users, similar to "Apple hate".
As users are not allowed root access, Android users have become hostages of malware developers. Backup
and restore on Android devices are primitive and severely handicapped in comparison with Linux or Windows.
So the restriction on root access does not help unsophisticated users, who fall victim to malware anyway,
and really handicaps sophisticated users, limiting their ability to back up and restore the system and to
fight malware. That's why rooting Android devices, instead of being hacker entertainment, has become a
necessity for sophisticated users.
The "Windows effect" means that as soon as an OS becomes dominant in a particular segment of the market,
it becomes the favorite target for malware and hacking. At this point it becomes difficult to "defend the
castle" regardless of its technical qualities (not that Windows has a good security architecture). The
2:1 rule of conventional warfare probably applies here: if the number of fighters on one side is at least
twice the number on the other, the numerically inferior side is in trouble.
As for Microsoft in the past, Google's primary objective in the initial development of Android was gaining
market share, security be damned. In other words, Google sold its soul to the devil from the beginning ;-).
And if the main contingent of users of a complex and powerful OS is unsophisticated, then the task of
providing good security is really formidable and requires a new architectural vision and innovative
solutions. Android made a few steps in the right direction, but generally it is bound by its Unix origins.
The initial architectural compromises were made for devices with very restricted computational
capabilities. Then the situation changed drastically and devices became powerful enough to run a full
version of Unix. This is a kind of replay of the historical relationship between DOS and Unix.
As for really innovative solutions, Android has none. Moreover, it is generally understood by users much
worse than Windows 8, which creates additional security risks. Recently Dr. Web found a botnet running on
Android smartphones. That information needs to be independently verified, but it is not surprising to see
all types of malware developed for Windows migrating to Android.
Google does not manually check applications before they get to the Google Play Store, and automatic
checks are an insufficient barrier to malware. In 2012 the company removed nearly 60K malicious
applications. Many Android applications are of dubious quality and/or contain spyware.
Recently a top-downloaded Android application was busted by the FTC as spyware:
"The Federal Trade Commission announced on Thursday that it settled with the maker of 'Brightest
Flashlight Free,' a popular Android mobile application, over charges that the company used deceptive
advertising to collect location and device information from Android owners.
Statistics from the site indicate that it has been downloaded more than one million times with an overall
rating of 4.8 out of 5 stars.
The application, which is available for free, displays mobile advertisements on the devices it is
installed on.
However, the device also harvested a wide range of data from Android phones which was shared with
advertisers, including what the FTC describes as 'precise geolocation along with persistent device
identifiers.'
As part of the settlement with the FTC, Goldenshores is ordered to change its advertisements and in-app
disclosures to make explicit any collection of geolocation information, how it is or may be used, the
reason for collecting location information and which third parties that data is shared with."
The problem with Android is that if your phone or tablet is "owned", you can do nothing other than restore
it to factory defaults, as you do not have root access.
If the main contingent of users of a complex and powerful OS is unsophisticated, then the task of providing
good security is really formidable and requires a new architectural vision.
Some promising security approaches, within the framework of the classic Unix kernel design and outside it,
are available but were never used. For example, it would cost almost nothing (probably less than $5 per
tablet) to equip all Android tablets with a hardware token implementing a SecurID-style authentication
scheme. That was not done, and this fact enables banking fraud. So if your bank does not support
SecurID-style authentication, you had better not access its web portal from Android devices. Some banks
try to compensate by sending SMS messages carrying one-time codes, but if your smartphone or tablet is
owned by some type of powerful malware (one that can read incoming SMS, for example) this might not be
enough. It is still definitely better than nothing.
In other words, in its current form Android is insecure for web banking. As simple as that. Without such
a token, interception of the password means compromise of the account.
As the Android kernel is based on the Linux kernel 2.6 (and now 3.0), some attack vectors are related to
this heritage. For example, the Linux kernel, like any classic Unix kernel, has an all-powerful root and
underpowered regular user accounts. That means a process which, for example, needs to bind a low port
(below 1024) needs to become root, at least temporarily, or to hold the CAP_NET_BIND_SERVICE capability,
to perform that part of its task.
In a similar way, the ability to access the web and web search engines exposes Android users to malicious
sites, some of which can be created specifically to target popular smartphones such as the Samsung Galaxy
S III.
Being open source does not help in this regard either. It actually hurts: instead of disassembling, you can
just study the available codebase and try to invent some nasty exploit that lets you become root. So in
Android, from the beginning, anyone has a capability which in the Windows world only three-letter agencies
and employees of large corporations that get Windows source code have.
Instead of analyzing the code to find an exploit yourself, you can buy a zero-day exploit on the black
market. Such a market exists for the most popular devices, and Android is no exception. Possession of a
not-yet-patched zero-day exploit (and Android vendors are slow in providing patches) means that you are
in, if the user replicates the conditions necessary for the exploit, for example by visiting a certain
("infected") website. As discussed above, the problems with patching Android are severe due to the
decentralization of the process.
Around 2012 Google realized the situation with Android security was bad and could get worse. That's why
it put the SELinux framework into the kernel. It arrived in Android 4.3, in permissive mode. It is badly
needed, although I would prefer Google to support AppArmor instead. SELinux is difficult to configure,
and that means trouble for both Android developers and Android users. AppArmor is a more elegant, more
understandable and more robust way to provide SELinux-style functionality.
Any application that runs on the Android operating system must be signed. Android uses the certificates
of individual developers to identify them and to establish trust relationships among the various
applications running on the system (for example, applications signed with the same key may share a user
ID). The operating system does not allow an unsigned application to execute. At the same time, a central
certification authority is not required to sign the certificate, and Android will happily run any
application signed with a self-signed certificate.
The unlocking (rooting) and "hackability" of smartphones and tablets remains a source of great tension
between the community and the industry.
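What the signature actually binds is worth seeing concretely. The following is an added example, not
code from the original page or from Android: it builds a minimal APK-like zip in memory (the entries are
constructed stand-ins, not a real app), writes a META-INF/MANIFEST.MF in the layout jarsigner/apksigner
use for JAR-style (v1) signatures, and verifies that every file in the archive still hashes to the digest
recorded for it. It deliberately stops before the second step, the PKCS#7 signature in CERT.RSA over
CERT.SF, which needs a crypto library. The point is that even with a self-signed key the manifest ties
each entry to a hash, so a repackaged classes.dex is detected unless the attacker also re-signs the
package with a different key, which is exactly the check that lets Android notice a "fake" copy of a
legitimate app as a different identity.

```python
"""Verify the per-file digests of an APK's JAR-style (v1) signature manifest.

Added example for this page; not Android's own code.  SAMPLE_ENTRIES is a
constructed stand-in for real APK contents.  Only the digest step is shown:
the CERT.SF/CERT.RSA signature over the manifest is not verified here.
"""
import base64
import hashlib
import io
import zipfile


def sha256_b64(data):
    """Digest encoding used in MANIFEST.MF 'SHA-256-Digest:' attributes."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_manifest(entries):
    """Render MANIFEST.MF for {name: bytes}: a main section, then one named
    section per entry.  (Real manifests wrap lines over 72 bytes; the short
    names used here never reach that limit.)"""
    lines = ["Manifest-Version: 1.0", "Created-By: example", ""]
    for name in sorted(entries):
        lines += ["Name: " + name, "SHA-256-Digest: " + sha256_b64(entries[name]), ""]
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")


def build_apk(entries):
    """Return zip bytes holding the entries plus their manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
        zf.writestr("META-INF/MANIFEST.MF", build_manifest(entries))
    return buf.getvalue()


def parse_manifest(text):
    """Map entry name -> recorded digest from the manifest's named sections."""
    digests, name = {}, None
    for line in text.decode("utf-8").splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and name:
            digests[name] = line[len("SHA-256-Digest: "):]
        elif not line:          # blank line ends a section
            name = None
    return digests


def verify_v1_digests(apk_bytes):
    """Return (ok, problems).  Every entry outside META-INF must be listed in
    the manifest and its contents must hash to the recorded digest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        digests = parse_manifest(zf.read("META-INF/MANIFEST.MF"))
        for info in zf.infolist():
            if info.filename.startswith("META-INF/") or info.is_dir():
                continue
            expected = digests.get(info.filename)
            if expected is None:
                problems.append("unlisted entry: " + info.filename)
            elif sha256_b64(zf.read(info)) != expected:
                problems.append("digest mismatch: " + info.filename)
    return (not problems), problems


def tamper(apk_bytes, name, new_data):
    """Replace one entry without touching META-INF, as a naive repackager would."""
    src = zipfile.ZipFile(io.BytesIO(apk_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            dst.writestr(info.filename, new_data if info.filename == name else src.read(info))
    return out.getvalue()


SAMPLE_ENTRIES = {  # constructed stand-ins for real APK contents
    "AndroidManifest.xml": b"<manifest package='com.example.flash'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
}

if __name__ == "__main__":
    apk = build_apk(SAMPLE_ENTRIES)
    print("original:", verify_v1_digests(apk))
    evil = tamper(apk, "classes.dex", b"dex\n035\x00" + b"\x41" * 64)
    print("repackaged:", verify_v1_digests(evil))
```

Running it reports the original package as clean and the repackaged one with "digest mismatch:
classes.dex". A real repackager would regenerate the manifest and re-sign with his own key, which is
why the identity of the signing key, not just the digests, is what the system compares on update.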
Android applications run in a sandbox, an isolated area of the system that does not have access to the
rest of the system's resources unless access permissions are explicitly granted by the user when the
application is installed. Before installing an application, the Play Store displays all required
permissions: a game may need to enable vibration or save data to an SD card, for example, but does not
need the ability to read SMS messages or access the phonebook. After reviewing these permissions, the user
can choose to accept or refuse them, installing the application only if they accept.
This scheme is deeply defective and does not work for unsophisticated users, who by definition are too
naive to understand the consequences of their actions. In theory both the sandboxing and the permission
system lessen the impact of vulnerabilities and bugs in applications, but the huge percentage of
unsophisticated users creates the effect of "a second Windows". Moreover, developer confusion and limited
documentation have resulted in applications routinely requesting unnecessary permissions and users
happily granting them, reducing security to a minimum.
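The check a user is expected to do mentally at install time (does a flashlight need my location and my
SMS?) can be done mechanically against the manifest, as in the Brightest Flashlight case above. The
following is an added example, not code from the original page or from Android: it parses the
uses-permission entries of an AndroidManifest.xml and reports the ones that fall outside what an app of
the declared kind plausibly needs. The manifest is constructed for illustration (modelled on the
flashlight case, not the real app's manifest), and the "expected permission" profiles and the list of
sensitive permissions are this example's own assumptions, not an Android table.

```python
"""Audit the permissions an app requests against what its kind of app needs.

Added example for this page.  SAMPLE_MANIFEST is constructed; EXPECTED and
SENSITIVE are assumed profiles, not Android's protection-level tables.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Permissions whose grant exposes personal data or costs money (assumption).
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
}

# What a given kind of app can justify asking for (assumed profiles).
EXPECTED = {
    "flashlight": {
        "android.permission.CAMERA",                # drives the LED flash
        "android.permission.FLASHLIGHT",
        "android.permission.WAKE_LOCK",
        "android.permission.INTERNET",              # ad-supported app
        "android.permission.ACCESS_NETWORK_STATE",
    },
}

# Constructed manifest of a flashlight app that asks for far too much.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.brightflash">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.FLASHLIGHT"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="Bright Flash"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {elem.get(NAME_ATTR) for elem in root.iter("uses-permission")
            if elem.get(NAME_ATTR)}


def audit(manifest_xml, app_kind):
    """Compare requested permissions with the profile for app_kind.

    Returns (unexpected, red_flags): permissions outside the profile, and the
    subset of those that expose data or cost money, i.e. grounds to refuse.
    """
    requested = requested_permissions(manifest_xml)
    unexpected = requested - EXPECTED[app_kind]
    return unexpected, unexpected & SENSITIVE


if __name__ == "__main__":
    extra, red_flags = audit(SAMPLE_MANIFEST, "flashlight")
    print("outside profile:", sorted(extra))
    print("refuse install :", sorted(red_flags))
```

On the sample manifest the audit flags ACCESS_FINE_LOCATION, READ_PHONE_STATE and READ_SMS: exactly the
"precise geolocation along with persistent device identifiers" pattern the FTC complained about, plus the
SMS access that an mTAN-stealing Trojan needs. Profiles for other app kinds are added by extending
EXPECTED.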
In a way Google proved completely incompetent to solve this difficult and important problem and decided
just to "go with the flow". As a result, Google by and large replicated the Windows malware situation on
a new platform.
The security industry has already sensed the opportunity, and the necessity, to protect Android users
from the design defects inherent in the attempt to provide a powerful OS for unsophisticated users and
from the growing spectrum of Android malware. We can expect that there will generally be a "security
tax" on Android users, similar to the "Windows insecurity tax".
Several Windows AV vendors have already released antivirus software for Android devices. To do anything
beyond scanning installed packages they need to run as root, as otherwise the sandbox applies to them as
well.
As Android became the mobile equivalent of Windows for hackers, there are several types of Android
malware in the wild, some closely resembling Windows malware.
Premium service abuse. This is probably the most common type of Android malware: text messages are sent
from infected phones to premium-rate numbers without the consent or even knowledge of the user.
F-Secure said PremiumSMS, an SMS Trojan family with 21 new variants, was identified in the fourth quarter
of 2012. "The users will be completely unaware of these activities until the charges appear on their
bills," the firm said. (crn.com)
Adware. The second prominent type of Android malware is similar to Windows adware and displays unwanted
and intrusive advertisements on the device.
Spyware. Yet another common type of malware is spyware, which sends personal information to unauthorized
third parties. There is another aspect to this problem: every Android user is under Google's microscope.
We will discuss this problem separately. In a way, each and every Android phone is a spyware device.
There are also specialized information-stealing Trojans in the wild (crn.com):
F-Secure also documented two new information-stealing Trojans. Android/InfoStealer.A masquerades as a
legitimate application, but steals device details, the victim's email address, phone number and location
to a remote MySQL server. Android/MaleBook.A has similar functionality, collecting more device-specific
information and sending it to a remote server. Both Trojans surfaced in Asia and are connected to
aggressive advertising services.
Botnets. Android-based botnets are probably a reality and are used to distribute dangerous malware,
including banking Trojans. The initial report of an Android spamming botnet proved to be false, but later
Kaspersky Lab reported that mobile botnets are being used to distribute the Obad.a Trojan, which can
gain device-administrator rights on an Android device, allowing its masters to do pretty much anything
they want with the infected handset.
Google engineers were caught with their pants down by the recent revelations about banking Trojans on
Android. They had argued that the malware and virus threat on Android was being exaggerated by security
companies for commercial gain, accusing the security industry of playing on fears to sell antivirus
software to users. Which is of course a fair point ;-). Google maintains that dangerous malware on Android
is actually extremely rare (but then why does it never disclose data on the number of infections?). But
it cannot deny that it exists and is growing.
Google currently uses its Bouncer malware scanner to scan apps submitted to the Google Play store. It is
intended to flag suspicious apps and warn users of potential issues with an application before they
download it. Still, there have been cases where Google has allowed infected apps into the store. So the
fact that the majority of apps on Google Play are reasonably safe means little; the existence of malware
in the Google Play store is an indication of Google's vulnerability and of the inability of the Android
designers to solve this problem. Now they need to confront the threat.
Android 4.2 (Jelly Bean) added enhanced security features, including an app verification service built
into the system which works in combination with Google Play and can scan apps installed from third-party
sources as well. There is also an alert system which notifies the user when an app tries to send a
premium-rate text message, blocking the message unless the user explicitly authorizes it.
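The premium-rate check just described, and the "premium service abuse" pattern listed above, both come
down to the same two questions about an outgoing SMS: is the destination a premium short code, and did
the user actually initiate the send? The following is an added example, not code from the original page
or from Android: it runs that check, plus a sliding-window rate check, over a constructed outgoing-SMS
log. The log format, the field names, the "4 to 6 digit short code" rule and the thresholds are all
assumptions of this example; real premium numbering plans differ by country.

```python
"""Flag premium-rate SMS abuse in an outgoing-SMS log.

Added example for this page.  SAMPLE_LOG, its format, the short-code rule and
the thresholds are assumptions, not Android's own telephony logging.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one line per outgoing SMS.  user_initiated=0 means an
# app sent the message without the user typing it.
SAMPLE_LOG = """\
2013-09-10T10:01:05 pkg=com.example.flashlight dst=+15551234567 user_initiated=1
2013-09-10T10:05:17 pkg=com.example.game dst=81005 user_initiated=0
2013-09-10T10:05:19 pkg=com.example.game dst=81005 user_initiated=0
2013-09-10T10:05:22 pkg=com.example.game dst=81005 user_initiated=0
2013-09-10T10:40:00 pkg=com.android.mms dst=+15559876543 user_initiated=1
2013-09-10T11:00:00 pkg=com.android.mms dst=12345 user_initiated=1
2013-09-10T11:30:00 pkg=com.example.wallpaper dst=7777 user_initiated=0
"""

LINE = re.compile(
    r"^(?P<ts>\S+) pkg=(?P<pkg>\S+) dst=(?P<dst>\S+) user_initiated=(?P<ui>[01])$")
SHORT_CODE = re.compile(r"^\d{4,6}$")   # assumption: premium services use 4-6 digit short codes


def parse_log(text):
    """Yield (timestamp, package, destination, user_initiated) per valid line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # skip malformed lines rather than crash on them
        yield datetime.fromisoformat(m["ts"]), m["pkg"], m["dst"], m["ui"] == "1"


def silent_premium_sends(text):
    """Every send to a short code that the user did not initiate: the event
    the Android 4.2 confirmation dialog interrupts."""
    return [(ts, pkg, dst) for ts, pkg, dst, ui in parse_log(text)
            if SHORT_CODE.match(dst) and not ui]


def premium_sms_abusers(text, window=timedelta(minutes=10), max_silent=2):
    """Packages that sent more than max_silent silent short-code SMS inside
    any sliding window of the given length.  Returns {package: peak count}."""
    per_pkg = defaultdict(list)
    for ts, pkg, _dst in silent_premium_sends(text):
        per_pkg[pkg].append(ts)
    flagged = {}
    for pkg, times in per_pkg.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window's start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_silent:
            flagged[pkg] = peak
    return flagged


if __name__ == "__main__":
    for event in silent_premium_sends(SAMPLE_LOG):
        print("needs confirmation:", event)
    print("abusers:", premium_sms_abusers(SAMPLE_LOG))
```

On the sample, the user's own message to 12345 from the stock messaging app is left alone, the single
silent send by the wallpaper app needs confirmation, and the game, which fired three silent sends to the
same short code in five seconds, is flagged as an abuser. Lowering max_silent to 0 turns the check into
the strict "confirm every silent premium send" policy.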
Android 4.3 (in permissive mode) and the forthcoming version 4.4 (enforcing for a set of core system
domains) include SELinux in the kernel. It might be too little, too late, as the ecosystem is pretty
mature and bringing all the applications under the SELinux umbrella is a formidable task.
The Android operating system remains a prime target for cyber-criminals, as Android's user base expands
but security remains weak (eWeek, http://www.eweek.com/small-business/android-security-threats-rise-online-banking-malware-jumps).
Trend Micro (not a disinterested party ;-) projected that by the end of the year there would be around a
million malicious and high-risk Android apps.
Smartphones and tablets are increasingly used to access banking portals. According to the Federal Reserve
Board report "Consumers and Mobile Financial Services 2013," in the United States "48 percent of
smartphone owners have used mobile banking in the past 12 months, up from 42 percent in December 2011."
Of that 48 percent, "nearly half of mobile banking users appear to be using mobile apps to conduct their
banking transactions, as 49 percent have installed such applications on their phones."
ESET revealed that a bad app it discovered in September 2013, Hesperbot, is actually a mobile banking
Trojan along the lines of Zeus and SpyEye, but with significant implementation differences that make it
a new malware family (Computerworld, Sept. 9, 2013).
A banking Trojan believed to have stolen millions from victims' accounts has also surfaced on Android
devices. The Carberp Trojan steals online banking credentials and usernames and passwords for other
websites. The mobile version, called Citmo.A, monitors incoming SMS and steals the mobile Transaction
Authentication Number (mTAN) that banks send to customers to validate an online banking transaction. The
cybercriminals behind the malware then use the stolen mTAN to drain victims' accounts, F-Secure said.
The technique is similar to Zeus Man in the Mobile (Mitmo), an extension of the Windows-based Zeus Trojan,
which records the mTAN sent to Android users. The mobile version of Zeus surfaced in 2010. To get the
malware onto the user's device, the malware writers inject a phony security notice into the banking
session asking the customer for their phone model and number. An SMS with a link is then sent to the
victim, adding the malware component to the device, F-Secure said.
According to McAfee, in June 2013 an Android banking Trojan that replaces popular South Korean banking
apps with malware was found in the wild:
This threat steals sensitive information and banking credentials to perform financial fraud. Like other
mobile threats in South Korea (such as Smsilence), this one uses "smishing" (SMS phishing) attacks that
employ fake messages from the Financial Services Commission asking users to install new antimalware
protection. However, when the user clicks on the shortened URL, what is actually downloaded is malware,
which masquerades as the Google Play app, using the same icon (but without a label).
If the victim executes the malware, it checks whether any of the following South Korean banking apps are
installed: KB Kookmin Card (from the biggest credit card company in the country), IBK (Industrial Bank of
Korea), Shinhan Bank, Nonghyup Bank, Woori Bank, SC First Bank (currently not available in Google Play),
Hana Bank and KFCC (Korean Federation of Community Credit Cooperatives). If the malware finds one or more
of them, it checks whether the device is rooted, in order to perform a silent uninstall of the banking
application by executing the following commands with root (superuser) privileges:
mount -o remount rw /data (remount the data partition as read/write)
chmod 777 /data/app/<package_name_banking_app>.apk (changes permissions of the APK file)
pm uninstall <package_name_banking_app> (silently removes the application)
If the device is not rooted (the su binary is not present), the fake Google Play app asks the user to
uninstall the legitimate banking app and, in exchange, offers the installation of another app (even if
the user already granted root privileges) with the same icon but requesting very suspicious permissions.
Android smartphones are very powerful devices, and abuse of their capabilities, both by the major players
such as Google and Facebook for their private gain and by governments, is a serious concern.
Smartphones have the ability to record the location of Wi-Fi access points encountered as phone users
move around, to build databases containing the physical locations of hundreds of millions of such access
points. These databases form electronic maps to locate smartphones, allowing them to run apps like
Foursquare, Google Latitude and Facebook Places, and to deliver location-based ads. Third-party
monitoring software such as TaintDroid, an academic research project, can in some cases detect when
personal information is being sent from applications to remote servers.
Recently another source of security problems for Android was revealed via the publication by Snowden of
materials about the Prism program. That undermines confidence in the platform, as there is no guarantee
that all your voice and data streams are not written to some remote NSA server, and, adding insult to
injury, not without Google's help. That violates the principle of "no arbitrary searches", which is a
cornerstone of the Western legal system.
That does not increase confidence in the platform, but the two other major platforms (iPads and Windows 8
based tablets) suffer from the same problem. All can contain NSA backdoors and Skype monitoring tools
installed without user consent. See Cloud providers as intelligence collection hubs.
Protection against arbitrary searches and seizures overlaps with the rights to liberty, privacy and
natural justice. In English law, the right to be free of arbitrary searches and seizures is found mainly
in the legislation regulating the powers of the police to conduct searches and take evidence. Therefore,
under the Police and Criminal Evidence Act 1984, a constable's right to stop and search persons and
vehicles is limited by section 2, as are the powers of a Justice of the Peace to authorise the entry and
search of premises. In addition, section 60 of the Criminal Justice and Public Order Act 1994 allows a
senior police officer to authorise all police officers in a locality to stop and search any pedestrian or
vehicle where the officer has grounds for believing that the individual is carrying an 'offensive weapon'
or a 'dangerous instrument'. In 1998 this legislation was extended to allow the officer to require the
person to remove clothing worn for the purpose of concealing his identity, and to confiscate that article
of clothing. Special extended powers also apply in the case of terrorist suspects.
In civil cases, a judge may grant an Anton Piller order authorising the search of premises and seizure of
evidence without prior warning. The order's purpose is to prevent the destruction of incriminating
evidence, particularly in cases of alleged intellectual property infringement (see the French
saisie-contrefaçon, which has the same purpose).
Right to respect for private and family life
An individual's right to respect for his or her private or family life is protected insofar as the
activity being pursued has not been outlawed or restricted by the state. In that respect, the fact that
an individual has consented to the performance of an act which would otherwise be unlawful does not change
the status of the act; thus, in a case involving acts of sado-masochism committed in private between two
consenting adults, the House of Lords held that the victim's consent to the acts did not afford their
author a defence to charges under the Offences against the Person Act 1861.[13]
Similarly, an individual is free to make choices as to his private life, for example in pursuing
homosexual relationships, but the law may not in certain circumstances intervene to ensure that his status
and rights are not affected as a result of these choices. In R v. Ministry of Defence, ex p. Smith the
Court of Appeal upheld the Ministry of Defence's policy not to admit homosexuals to the armed forces;[14]
the claimants later brought a case before the European Court of Human Rights, which found violations of
Articles 8 and 13. The Court of Appeal held in another case that it was reasonable for the parents of a
child up for adoption to refuse consent to adoption on the ground that the proposed adopter is a
lesbian.[15]
The right to respect for family life is qualified by the broad principle that the welfare of the child is
paramount and parental rights must take second place. As expressed by Lord Scarman, "parental rights are
derived from parental duty and exist only so long as they are needed for the protection of the person and
property of the child", and by Lord Fraser, "parental rights to control a child do not exist for the
benefit of the parent".[16] The effect of this is to allow state intervention in family life where
justified in the interests of the child in question, and the Children Act 1989 gives effect to this by
providing a basis on which decisions relating to a child's welfare are made. Section 1 of the Act provides
that a court must, when taking a decision with regard to a child, take into account the child's wishes
and feelings.
A smartphone is a spying device from which one can also make phone calls. After PRISM it should be clear to anybody that governments intercept your email messages and record your phone calls just because they can.
"..reporters identified more than 1,000 people spanning more than 50 countries. They included several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials – including several heads of state and prime ministers." -- and all those idiots use plain vanilla Android or iOS. Nice. They probably have no money to buy a basic phone for $14 or so. That does not protect against wiretapping (the network still knows where the phone is, and a feature phone still has a baseband and SMS), but it at least does not run the browser, messaging and app-store stack that malware like Pegasus is built to exploit.
Southfront reports that an Israeli company's spyware was used in attempted and successful
hacks of 37 smartphones belonging to journalists, government officials and human rights
activists around the world, according to an investigation by 17 media organizations, published
on July 18th.
One of the organizations, The Washington Post, said the Pegasus spyware licensed by
Israel-based NSO Group also was used to target phones belonging to two women close to Jamal
Khashoggi, a Post columnist murdered at a Saudi consulate in Turkey in 2018.
One of them was his fiancee, and she and the other woman were targeted both before and after
his death.
The Guardian, another of the media outlets, said the investigation suggested "widespread and continuing abuse" of NSO's hacking software, described as malware that infects smartphones to enable the extraction of messages, photos and emails; record calls; and secretly activate microphones.
The investigation highlights widespread and continuing abuse of NSO's hacking spyware called
'Pegasus' which the company confirms is only intended for use against terrorist groups, drug
and human traffickers, and criminals.
Pegasus is a very advanced malware that infects iOS and Android devices to allow operators
of the spyware to copy messages, photos, calls and other data, including secretly activate
microphones and cameras.
Based on the investigation, the leak contains a list of 50,000 phone numbers that have been
identified as those of people of interest by clients of NSO since 2016.
The list includes many close family members of one country's ruler, suggesting he might have
instructed the country's intelligence agencies to explore the possibility of tracking and
spying on their own relatives.
anti-bolshevik 8 hours ago (Edited)
Two articles from Motherboard Vice:
Is Israel EXEMPT from the ' rules-based order ' that Biden / Blinken / Yellen constantly
affirm?
Any incoming Sanctions? Any Treasury asset seizures?
Motherboard uncovered more evidence that NSO Group ran hacking infrastructure in
the United States.
A former NSO employee provided Motherboard with the IP address of a server setup to
infect phones with NSO's Pegasus hacking tool. Motherboard granted the source anonymity
to protect them from retaliation from the company.
The licensor of software is not the user of the software. An Israeli company developed
it and may have used it.
In weapons terms, an Israeli company was the arms developer.
However, there are the licensees and users of the software. The factions and individuals
who actually used this weapon of war and political coercion.
In weapons terms, there are others, like the US and other country intelligence
communities who will be the ones who pulled the trigger.
The "trigger pullers include the Bolshevik Democrat party and the Biden campaign, which
used it to control citizens through intelligence gathering (remember Judge Roberts?) and
extract political donations from corporations and rich individuals. Don't forget the
Globalist GOP RINOs and Tech monopolists, who have used this weapon to control and subvert
anyone that they need to subjugate.
Bye bye Apple, Xiaomi and Google Android. You just lost your market of brainwashed sheep
for new mobile phones. Even the unwashed Joe Six-Packs of this world now know they are
being manipulated with the phones that are so expensive.
MASTER OF UNIVERSE 11 hours ago
I've spent many years studying Experimental Psychology & Personality Theory and can
honestly state that malware can't determine appropriate behavioural signals intelligence
enough to act responsibly, or judiciously.
Algos are dependent upon Behavioural Science & human analytics. They are crude tools
that employ hit & miss techniques that hardly ever work accurately.
Israeli intelligence tries to look state of the art, but they are just as dimwitted as
the CIA.
WorkingClassMan 10 hours ago
They might be dimwitted and hamfisted but like an elephant with a lobotomy they can
still do a lot of damage flailing around. Worst part about it is them not caring about the
consequences.
NAV 10 hours ago
It's amazing how the "dimwits" control the entire apparatus of the most powerful Empire
in the world and the entire world media.
2banana 12 hours ago (Edited)
It's not just some politicians and journalists.
It's everyone.
Your phone spies on you in every possible way.
Pegasus is a very advanced malware that infects iOS and Android devices to allow
operators of the spyware to copy messages, photos, calls and other data, including
secretly activate microphones and cameras.
gregga777 12 hours ago (Edited)
It's been widely known for at least a decade that carrying a smart phone is really like wiring
oneself up for 24/7/365 audio and/or video surveillance. They only have themselves to blame
if they've been spied upon by the world's so-called secret intelligence agencies.
[Ed. The next time in a crowded public space, turn on Wi-Fi and count the number of
unlocked phones under the "Other Networks" menu.]
truth or go home 12 hours ago
If you have no phone, and no facebook, then you are likely immune from prosecution. My
neighbor the Fed agent told me 10 years ago that these two sources are 90% of every
investigation. That number has only gone up. They track you with it, they find out your
contacts with it. They find out your secrets with it. Just try to get either of those
things anonymously. You can't.
philipat 11 hours ago
Land of the Free....
Ura Bonehead PREMIUM 7 hours ago
'truth or go home', 'having no Facebook' doesn't help you as FB secures the same
information via data-sharing arrangements with any number of apps you may download, that
came on your phone, or are embedded deep on your phone. Just a fact.
Steeley 4 hours ago
A friend that lives in Pahrump, NV reports that every time he crosses into California a
smart phone Covid Health Tracking App activates and he starts getting notifications. Can't
turn it off or find where it resides. When he crosses back into Nevada it stops.
E5 10 hours ago
"After checking their claims, we firmly deny the false allegations made in their
report,"
Really? So if 99 claims are true and one false? Never did they say there was truth to
the accusation that they hacked phones.
If you are going to commit a crime I suppose you want to "issue a statement" that you
didn't. I guess we have to ask them 2 more times: then it is a rule that you must tell all.
No minion can resist the same question three times.
zzmop 9 hours ago (Edited)
Keyword -'Israeli', Not Russian, Israeli, Not 'Russian hackers', Israeli hackers
eatapeach 9 hours ago
This is old news. Congresswoman Jane Harman was all for spying/eavesdropping until she
got busted selling her power to Israel, LOL.
consistentliving PREMIUM 7 hours ago
Not USA fake paper pushers but Mexican journalists deserve mention here
Revealed: murdered journalist's number selected by Mexican NSO client
Israel doesn't respect human rights! Israel has been killing defenseless people in
Palestine for more than 50 years. The sad thing is that the US supports these genocidal sick
sycophants.
wizteknet 10 hours ago
Where's a list of infected software?
vova_3.2018 9 hours ago (Edited)
Where's a list of infected software?
If they take yr phone under control they'd have access to everything & then they can
use the info against you or anybody else in the info. https://www.youtube.com/watch?v=iuBuyv6kUKI
Israeli spyware "Candiru" works a little bit differently than Pegasus but is also used to
hack & track journalists and activists. https://www.youtube.com/watch?v=nWEJS0f6P6k
The magic number of "6 million" will be the Get out of Jail Card once again.
And, these idiots keep preaching about the great risk China poses...
Steeley 4 hours ago
Embedded in the OS...
Kugelhagel 12 hours ago (Edited)
Is that article an attempt to get some sympathy for "politicians", "journalists" and
"activists"? Try again.
HippieHaulers 11 hours ago
Exactly. Don't forget Khashoggi was CIA. And they're using another asset (Snowden) to roll
this out. This story stinks.
WhiteCulture 7 hours ago (Edited)
I installed Nice Systems onto 600 desk tops in 2003 at 3 separate call centers, a call
monitoring and a PC, mainframe CICS, or email, screen scrape capability. When the call
audio was recorded we also captured whatever was on the screen. No doubt the government has
been doing this on our phones and all personal computers for over a decade.
TheInformed 7 hours ago
Your example shows that people are dumb, it's not evidence of some grand 'government
backdoor' conspiracy. Don't conflate the two.
two hoots 10 hours ago (Edited)
Forget the petty herd/individual surveillance, this is a "super power" tool for
investment opportunities, negotiation advantage, strategic decisions, military/covert
decisions, etc. you can be sure that the most improved (undisclosed) versions are in use in
the usual suspect country. Likely spying on the spy's that bought the software from them.
These are those steps beyond Nietzsche's amoral supra-man.
Globalist Overlord 12 hours ago
Whitney Webb was writing about this in 2018.
Snowden: Israeli Spyware Used By Governments to Pursue Journalists Targeted for
Assassination
If Pegasus is used against Human Traffic-ers, then why didnt they get Jeffrey Epstein
earlier?
Occams_Razor_Trader 11 hours ago
Why 'get' people when you can 'use' these people ........................?
RasinResin 11 hours ago
I use to be in IT and worked in association with Radcom. Now you may ask who is that?
They are the Israeli company that is truly behind all monitoring and spying of your phones
in America
"Reuters' spokesman Dave Moran said, "Journalists must be allowed to report the news
in the public interest without fear of harassment or harm, wherever they are. We are
aware of the report and are looking into the matter."
I love the sanctimonious clutching of pearls, wringing of hands, and bleating from the
purveyors of CCP propaganda, woketardness, and globalism whenever the velvet hand that
feeds them punishes them with a throat punch instead.
donebydoug 11 hours ago
Journalists can't be spies, right? That would never happen.
Watt Supremacist 12 hours ago
Yes but do the people working for Reuters know all that?
nowhereman 11 hours ago
Just look at the signature on your paycheck.
Grumbleduke 11 hours ago
they're in the news business - of course they don't!
You know the adage "when your livelihood depends on not knowing" or something....
Enraged 10 hours ago
Listening in on calls is a distraction story by the propaganda media.
The real story is the blackmailing of politicians, judges, corporate executives, etc.
for many years by the intelligence agencies with tapes of them with underage girls and
boys. This was included in the Maxwell/Epstein story.
These people are compromised, which is the reason for the strange decisions they make,
as they support the globalist elite.
There is no reason to spy on journalists, as they are part of the intelligence agency
operations.
Max21c 10 hours ago (Edited)
There is no reason to spy on journalists, as they are part of the intelligence agency
operations.
True the press are either spies or puppets and vassals of Big Brother and the secret
police. They're all mostly agents of the Ministry of Truth. But sometimes they get the
weather report right.
Wayoutwilly 12 hours ago
Bet they have sh!t on Roberts, Kavanaugh and Barrett too.
Brushy 11 hours ago
Wait a minute, you mean the tracking spy device that you carry around and put all of
your personal information on is actually tracking and spying on you?!!
Dis-obey 10 hours ago
They have data on everyone but not enough eyes to look at everyone all the time. So when
you get flagged then they can open all the data on your device to investigate
u.
Yog Soggoth 10 hours ago
Khashoggi was not a journalist. While interesting, this is not the story of the
year.
Lawn.Dart 10 hours ago
Almost every intelligence agent is a writer of some kind.
Max21c 10 hours ago
NSO is just one company out of many. They have the willing complicity of the security
services of other countries including the CIA, FBI, NSA, DOJ, in the USA and similar per
UK. Secret police use these special contractors to help them engage in crimes and criminal
activities and it does not matter whether the secret police use a foreign or domestic
secret police agency or contractor as they're all in on it together. It's just a criminal
underworld of secret police, secret police bureaus & agencies, and "intelligence"
agencies. They're all crooked. They're all crooks and criminals and thieves that rob and
persecute innocent civilians just like the Bolsheviks, Nazis, Gestapo, Waffen SS, Viet
Cong, Khmer Rouge, Red Guards, ISIS, Stasi, KGB, etc. It's all the same or similar secret
police, police state tactics, state security apparatus abuses of power, absolute power
& its abuses, and spy agencies and intelligence agencies... and those that go along
with it and collaborate. It's all just criminal enterprises and crime agencies.
So you can solve the 10,000 open murder investigations in Chicago with this. That's how
its being used right...
Bostwick9 10 hours ago
"We are deeply troubled to learn that two AP journalists, along with journalists from
many news organizations, are among those who may have been targeted by Pegasus spyware,"
said Director of AP Media Relations Lauren Easton.
OMG . Not journalists !!!!!!!!!!
Guess NSO is a "buy", then.
NAV 11 hours ago
To believe that the Israelis will not use the information that they have is absurd.
Here's one example:
The American Anti-Defamation League under Abe Foxman long made it a practice for decades
to tail all Congressmen – liberal or conservative -- as was brought out in
allegations in the San Francisco trial of its head operative Roy Bullock on charges of
buying blackmail information from members of the San Francisco Police Department as
reported by the San Francisco Examiner. Bullock had collected information and provided it
to the ADL as a secretly-paid independent contractor for more than 32 years.
Can it be that there's a connection between data of this kind and the unbelievable
unification of almost every congressman behind every Israeli position?
Of course, the San Francisco Examiner no longer is in existence. But Israeli trolls
continue to gather like wasps upon meat to destroy any information that might reveal their
nefarious purposes.
In 1993 the FBI interviewed
40-year undercover ADL operative Roy Bullock, who had improperly obtained social
security numbers and drivers licenses from San Francisco Police Department officer Tom
Gerard. Gerard and Bullock infiltrated and obtained information on California
Pro-Palestinian and anti-Apartheid groups as paid agents of both the ADL and South
African intelligence services. The ADL paid tens of thousands in damages over the
incident and promised not to collect confidential information in the future.
SARC '
novictim 8 hours ago
What do you want to bet that Orange Hitler and associates along with MAGA Republicans,
their attorneys, friendly patriot reporters, etc, have had their phones widely hacked going
all the way back to 2016?
Because when you are a "progressive" in power, anyone who wants to unseat you is a
terrorist threat and you can do just about anything you want to them because you are saving
the world.
Sarrazin 8 hours ago
unseat you is a terrorist threat and you can do just about anything you want to them
because you are saving the world.
Funny, it's the same formula US foreign policy applies to all its victim nations
around the world. Fighting terrorists in the name of saving the world.
LEEPERMAX 9 hours ago (Edited)
💥BOOM !!!
In 2020 alone, Facebook and Amazon spent more money on
lobbyists than did Raytheon, Northrop Grumman, Lockheed Martin, and Boeing -- major players
in the defense-industrial complex !!!
Let that sink in.
OldNewB 11 hours ago
"Journalists must be allowed to report the news in the public interest without fear of
harassment or harm, wherever they are."
This hasn't happened in ages. What the large majority of MSM operatives (so called
"journalists" ) convey to the public is propaganda and agenda driven misinformation and
disinformation.
SummerSausage PREMIUM 12 hours ago
Obama spying on Trump and Fox reporters - meh.
Same Obama intelligence services spying on WaPo & leftist reporters - FASCIST
Mute Button 11 hours ago
We're supposed to be outraged even though Trump & co. know they're being "spied"
on.
Its just a game of the uniparty.
Ivy Mike 8 hours ago
Yawn. Smart phones have swiss cheese security. Who knew.
If you have a secret that you really don't want people to know, don't put it on a device
that ever touches the internet. Don't talk about important stuff on a phone call. Any mob
boss from the 70's could tell you that.
MeLurkLongtime 5 hours ago
I would add if you have Alexa, don't converse on any sensitive topics in front of her,
either.
_0000_ 9 hours ago
" Pegasus is a very advanced malware that infects iOS and Android devices to allow
operators of the spyware to copy messages, photos, calls and other data, including
secretly activate microphones and cameras."
This is a non-story. Lots of smoke, lots of brouhaha.
Why is THIS a jaw dropping story now when the NSA/CIA have been doing this to ALL iOS
and Android devices years ago? RE: CALEA , signed into law in 1996 by Bill Clinton.
Just more misdirection... meant to distract from something else. What?
Rectify77 PREMIUM 10 hours ago
Isn't it odd that Iran, Russia and China are not on the map? Who are the Israelis
playing?
NAV 10 hours ago
Isn't it amazing that Russia is giving asylum to Edward Snowden, who will be arrested and
inflicted with only God knows what if captured by the USA?
Market Pulse 13 hours ago
And we are surprised, why??? Everyone's phones are spied upon with all the data
collected. All part and parcel of the NWO and the "Information Age". How else are they
going to get all that information to control everything. And just think, once upon a time,
there were no cell phones and the people were fine. They also were happier and much more
free. Hint - ditch the phone!
dog breath 4 hours ago
Hello? This stuff has been going on for two decades. Bill Binney, former NSA, has been
talking about this since after 9/11. Five Eyes is a way of going around internal rules.
Every country does this. Russia, China, EU, USA, Australia, etc. are all spying on their
own citizens. This world is turning into a corrupt crap pile and I'm waiting for the Lord
to come.
Barcode scanners and flashlight apps... who installs these? Phones come with these features
already baked in.
I assume some of it is just old stuff people just re-download without thinking. Android
hasn't always had a built in flashlight app (and am I crazy in that the early ones required
root?). And I'm pretty sure that's the same with QR readers. I hadn't realized that Google Lens
was a QR scanner until fairly recently.
Google has removed this month 25 Android applications from the Google Play Store that were caught stealing Facebook credentials.
Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.
The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.
According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games.
The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground.
If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page (see image below: blue bar = actual Facebook app, black bar = phishing page).
Image: Evina
If users entered credentials on this phishing page, the malicious app would log the data and send it to a remote server located at
(the now-defunct) airshop.pw domain.
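The detect-the-foreground-app-then-overlay behaviour described above needs a specific combination of capabilities: a way to draw over other apps, a way to learn which app is in front, and network access to ship what was typed. The script below is an added example, not Evina's or ZDNet's code. It reads an AndroidManifest.xml that has already been decoded to plain XML (for example by apktool) and flags that combination; the two manifests embedded in it are constructed for the example, and treating the combination as a warning sign is a triage heuristic, not Evina's method or proof of malice.

```python
"""Triage a decoded AndroidManifest.xml for the overlay-phishing pattern.

Added example for this page; it is not Evina's or ZDNet's code. The input
is assumed to be a manifest already decoded to plain XML (e.g. by apktool);
the sample manifests below are constructed, not taken from the 25 apps.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANAME = "{%s}name" % ANDROID_NS
APERM = "{%s}permission" % ANDROID_NS

# Lets an app draw a window on top of whatever app is in the foreground.
OVERLAY_PERMS = {"android.permission.SYSTEM_ALERT_WINDOW"}
# Lets an app learn which package the user currently has in the foreground.
FOREGROUND_PERMS = {
    "android.permission.PACKAGE_USAGE_STATS",
    "android.permission.GET_TASKS",  # legacy API, still declared by old code
}
# An accessibility service can both observe the foreground app and inject UI.
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def requested_permissions(manifest_xml):
    """Return the set of permissions the manifest asks for or binds with."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANAME) for e in root.iter("uses-permission")}
    for svc in root.iter("service"):
        if svc.get(APERM) == ACCESSIBILITY_PERM:
            perms.add(ACCESSIBILITY_PERM)
    return {p for p in perms if p}


def overlay_phish_findings(manifest_xml):
    """Heuristic findings. An empty list means the overlay-phishing
    capability combination is absent, not that the app is clean."""
    perms = requested_permissions(manifest_xml)
    can_overlay = bool(perms & OVERLAY_PERMS)
    sees_foreground = bool(perms & FOREGROUND_PERMS)
    a11y = ACCESSIBILITY_PERM in perms
    findings = []
    if can_overlay and (sees_foreground or a11y):
        findings.append("overlay + foreground visibility: can place a fake "
                        "login page over another app")
    if (can_overlay or a11y) and "android.permission.INTERNET" in perms:
        findings.append("overlay/accessibility + INTERNET: captured "
                        "credentials can be sent to a remote server")
    return findings


# Constructed sample: what a flashlight app legitimately needs.
BENIGN_MANIFEST = """<manifest xmlns:android="%s" package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>""" % ANDROID_NS

# Constructed sample: a "flashlight" that also wants to watch and cover other apps.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="%s" package="com.example.torch2">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>""" % ANDROID_NS

if __name__ == "__main__":
    for name, m in (("torch", BENIGN_MANIFEST), ("torch2", SUSPICIOUS_MANIFEST)):
        print(name, overlay_phish_findings(m) or ["no overlay-phishing pattern"])
```

Run it over every manifest pulled from a device (`adb shell pm list packages` followed by `adb pull` and apktool per APK) and the apps whose declared purpose cannot explain the flagged combination are the ones to look at first; a step counter or wallpaper app has no business drawing over Facebook.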
Evina said it found the malicious code that stole Facebook credentials in 25 apps they reported to Google at the end of May. Google removed the apps earlier this month, after verifying the French security firm's findings. Some of the apps had been available on the Play Store for more than a year before they were removed.
The full list of 25 apps, their names, and package ID, are listed below. When Google removes malicious apps from the Google Store, the company also disables the apps on a user's devices and notifies users via the Play Protect service included with the official Play Store app.
But how about using an Android phone as a GPS tracker? It may not be the most reliable option, and it does come with some not-so-insignificant
drawbacks, but it can get the job done if you're desperate. Here's how to turn your Android phone into a GPS tracker.
Note: These instructions are based on a Samsung Galaxy S8 running Android 8.0 Oreo, but the steps should be relatively similar
for most Android devices.
Tracking With Native Android Features
Most Android devices released in 2014 or later have a built-in feature called Find My Device (formerly Android Device Manager).
This service reports your device's location back to Google's servers, so Google knows where your device is. You can then use
Google's web interface to see where your device is at any given time. You'll need a Google account to use this feature.
How to Enable Find My Device on Android
Navigate to your device's Settings .
Tap on Lock screen and security .
Tap on Other security settings . (This step may be unnecessary depending on your particular device and Android version.)
Tap on Device admin apps . (This step may be called Device Administrators depending on your particular device and Android
version.)
Tap Find My Device .
Tap Activate .
Note: In order to activate this service, you'll need to allow four permissions: 1) the ability to erase all data, 2) the ability
to change your screen unlock password, 3) the ability to lock the screen, and 4) the ability to turn off functions on the lock screen.
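Those four permissions are device-admin policies, and they are exactly what makes the device-admin list worth auditing: any app that holds them can wipe the phone or lock you out, which is why malware likes to register itself there too. Below is an added example (not Google's or MakeUseOf's code) that parses the text printed by `adb shell dumpsys device_policy`, lists every active device admin with its policies, confirms Find My Device holds the four it asks for, and flags any other app able to wipe the device. The sample dump and the component name used for Find My Device are assumptions constructed for the example (the exact dumpsys layout varies by Android version); the policy tag names are the ones Android uses for these policies.

```python
"""Audit which apps hold device-admin policies on an Android device.

Added example for this page, not Google's or MakeUseOf's code. It parses the
text printed by `adb shell dumpsys device_policy`; the exact layout varies by
Android version, so SAMPLE_DUMP below is a constructed approximation, and the
component name assumed for Find My Device is an assumption, not verified.
"""

# Assumed component name of the Find My Device admin receiver (Google Play services).
FIND_MY_DEVICE_ADMIN = "com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver"

# The four capabilities the Find My Device activation dialog asks for, as the
# policy tags Android uses for them.
FIND_MY_DEVICE_POLICIES = {
    "wipe-data",                  # erase all data
    "reset-password",             # change the screen unlock password
    "force-lock",                 # lock the screen
    "disable-keyguard-features",  # turn off functions on the lock screen
}

# Constructed sample of `dumpsys device_policy` output (layout approximated).
SAMPLE_DUMP = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
      testOnlyAdmin=false
      policies:
        wipe-data
        reset-password
        force-lock
        disable-keyguard-features
    com.example.torch/.AdminReceiver:
      uid=10234
      testOnlyAdmin=false
      policies:
        wipe-data
        force-lock
"""


def parse_device_admins(dump):
    """Map each enabled admin component to the set of policies it holds."""
    admins = {}
    current = None
    in_policies = False
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "/" in line:       # a ComponentName header
            current = line[:-1]
            admins[current] = set()
            in_policies = False
        elif line == "policies:":
            in_policies = current is not None
        elif line.endswith(":") or "=" in line:      # any other section or field
            in_policies = False
        elif in_policies:
            admins[current].add(line)
    return admins


def find_my_device_enabled(admins):
    """True when the Find My Device receiver is active with all four policies."""
    return FIND_MY_DEVICE_POLICIES <= admins.get(FIND_MY_DEVICE_ADMIN, set())


def unexpected_wipe_admins(admins, allowlist=frozenset({FIND_MY_DEVICE_ADMIN})):
    """Admins outside the allowlist that can remotely wipe the device.
    A flashlight or game in this list deserves the same scrutiny as malware."""
    return sorted(c for c, p in admins.items()
                  if "wipe-data" in p and c not in allowlist)


if __name__ == "__main__":
    admins = parse_device_admins(SAMPLE_DUMP)
    for component, policies in admins.items():
        print(component, sorted(policies))
    print("Find My Device enabled:", find_my_device_enabled(admins))
    print("Other apps able to wipe the device:", unexpected_wipe_admins(admins))
```

On a real device, capture the text with `adb shell dumpsys device_policy > dump.txt` and feed the file's contents to `parse_device_admins`; extend the allowlist with the MDM your employer uses, and treat anything else that holds `wipe-data` as something that must justify itself.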
The nice thing about Find My Device is that it's not just a tracker -- it lets you control the device from afar in the above-mentioned
ways. Learn more in our
overview of Find My Device .
How to Use Find My Device on Android
Once enabled, all you have to do is launch a web browser, navigate to the
Find My Device dashboard , and sign into your Google account
(the same one associated with your device).
Once you're logged in, select the device you want to locate, click the Locate button for said device, and it'll show its last
known location and how long ago it was last spotted. It's fairly accurate in my experience, but I live in an urban environment; it
can be off by up to 20 meters in areas with poor GPS visibility.
Tracking With Third-Party Android Apps
If you don't like Find My Device for whatever reason, you can always resort to one of the many third-party alternatives available
on the Google Play Store. These apps are easy to install and you don't really have to do anything beyond creating an account to use
them.
There are two that we recommend:
1. Lookout : Lookout is an all-in-one
security solution where device tracking is just one of its many features. As such, it might be too bloated if device tracking is
the only feature you're interested in. But if your device currently lacks a good antivirus app, you might as well use this one and
kill two birds with one stone.
2. Prey : In practical usage, Prey is very
similar to Find My Device. Its one big advantage is availability across multiple other platforms, including Windows, Mac, Linux,
and iPhone, so you can track ALL of your devices from anywhere.
Once your device is set up as trackable, whether using Find My Device or a third-party app, there's only one thing left to do: attach
the device to the person or object that you want to track. Obviously, this is much easier said than done.
Want to know how to track a car with a cell phone?
The easiest and most effective option is to use a magnetic car mount . Most two-piece kits come with a magnetic insert (that you
place inside your device case) and a magnetic base (that you attach to whatever you want to mount). With a good model, the magnetic
force should be strong enough for your phone to "snap" onto the base and stay there securely.
The improvements will allow users to take better advantage of the phone's voice
recording functionality, as it will be able to turn the recordings into text even when
there's no internet connectivity. This presents a new competitor to others in voice
transcriptions that are leveraging similar AI advances, like Otter.ai, Reason8, Trint and
others, for example.
As Google explained, all the recorder functionality happens directly on the device --
meaning you can use the phone while in airplane mode and still have accurate
recordings.
"This means you can transcribe meetings, lectures, interviews, or anything you want to
save," said Sabrina Ellis, VP of Product Management at Google.
The Recorder app was demonstrated onstage during the event, live, and was offering --
from what was shown -- an error-free transcription.
September 21, 2019
Huawei's pivotal moment
By Tom Fowdy
Huawei launched its Mate 30 series on Friday, the first new device produced by the
Shenzhen telecommunications firm since it has been blacklisted by the United States
government and excluded from American technology markets.
The listing led Google to sever ties with the company and prohibit new devices from using its
Play Store services and operating system, something which ultimately impacts the Mate 30 Series,
which uses an open-source version of Android.
The impact of it all has led Western commentators to ask questions about Huawei's future
in Western smartphone markets, particularly what applications can it access.
However, not all is bleak, and what may start off as a hindrance for the company is set to
transform into an opportunity. The United States' assault on the company has forced Huawei to
innovate.
With the inaugural "Huawei AppGallery" emerging with the Mate 30, the company has now
positioned itself on an investment trajectory to create a new "Huawei core" to compete with
the world of Google-led Android systems outright.
In this case, what seems like a detriment is part of a broader pivotal moment for Huawei.
The company's portfolio is about to change forever.
Beyond Apple and the iPhone, the Android operating system dominates in the global
smartphone market. Describing it as an "operating system" is barely fitting; it might
better be described as "an ecosystem" with a wide range of Google-oriented services
within it.
They include the popular browser Chrome, the YouTube video service, Google mail and,
most critically, the "Google Playstore," which, owing to its popularity, attracts more
developers and investors than any other unofficial App stores. This "ecosystem" creates a
"web of comfort" which effectively entrenches the consumer in the Android orbit.
Up until May 2019, Huawei was a part of this orbit. Its subsequent estrangement from
Android owing to the American government's decision has forced some difficult choices. It has
made markets keen to observe how the Mate 30 will perform given its lack of Google
applications and the need for users to obtain some apps through third-party stores.
So, the question is: How are they now adapting and making that transition? Bengt
Nordstrom of North Stream research in Sweden notes that "they have a strategy to become
completely independent from U.S. technology. And in many areas, they have become
independent."
First of all, we are well aware that Huawei is developing its own Harmony Operating System
as a contingency measure, although it has not chosen to apply it to the Mate 30 as an olive
branch to Google.
Second, and most exciting, is Huawei's announced bid to invest over 1 billion U.S.
dollars in developing its own application "core" or ecosystem. This, in essence, is an effort
to get developers to build applications for the new "Huawei App store" and thus establish
a self-reliant, independent path from the world of Android.
To achieve this, the company has pledged a competitive revenue sharing scheme of 15
percent to developers, half of what Apple and Google demand for participation in their
own app stores.
This effort is combined with a wider scope in research and development from the company,
which is also designed to forfeit dependence upon American technology chains in terms of
critical components and other parts.
We have already seen massive investment pledges from Huawei to build new research and
development centers in the United Kingdom, Belgium, Italy and Brazil. They are not empty
promises, but a serious and strategic effort.
In this case, what was intended to be a political effort to destroy and contain Huawei is
likely to prove a pivotal turning point in the company's history with huge repercussions for
global smartphone and technology markets.
Instead of having once been reliant on and thus beneficial to American technology markets,
the outcome is that Huawei will re-emerge independent of and competing against it.
Armed with a pending new operating system, a new application development drive and a
broader research effort, what seemed otherwise a detriment is likely to bring a massive
opportunity. Thus, it is very important to examine the long-term prospects for the company's
fortunes ahead of short-term challenges.
The App Store also instituted the idea of tech products being part of a
vertically-integrated, closed platform. Apple and Google (with its Google Play store) became
the dominant platform owners for mobile, because their scale and network effects made them the
gatekeepers for companies that wanted to enter the mobile market and access the app
marketplace. Even a company with as much power as Microsoft could do nothing to break the mobile
duopoly.
So whatever your opinion of Google's Huawei snub, it certainly demonstrates just how much power Google has,
and how that power is centralized. For phone makers, Google is the only option -- Apple being
its own walled garden -- and for app makers and consumers alike, the App Store and Google Play
are the only existing choices.
This is hardly a secret or conspiratorial. Huawei has
long been attempting to develop its own operating system, precisely to prevent such
situations as this. Similarly, despite being the largest Android vendor by far, Samsung still
has its own Tizen operating system. Building your business on someone else's platform leaves
you at their mercy. There's also the question of user experience: Consumers can't actually buy
books on the Kindle app on an iPhone or iPad, because Amazon understandably wants to avoid the
30 percent cut that Apple takes on its operating system.
Perhaps a closed app store linked to a platform has outlived its early usefulness. Not only
does it cement power among entrenched companies, it also puts up barriers to competition. This
idea isn't so radical. Recently, the Supreme Court ruled that Apple's customers can sue the company under antitrust law for
monopolistic behavior for the way in which it takes that 30 percent of everything on the app
store. There are technical avenues forward: Progressive Web Apps, or PWAs, operate in a more
open, more platform-neutral manner, and have significantly improved in functionality recently;
they could offer a more neutral way for companies to offer apps outside the constraints of an
app store.
The US ban on Huawei is pushing it to develop alternative systems that may rival Google and Android
Google cuts Huawei off Android; so Huawei may migrate to Aurora. Call it mobile Eurasia
integration; the evolving Russia-China strategic partnership may be on the verge of spawning
its own operating system – and that is not a metaphor.
Aurora is a mobile operating system currently developed by Russian Open Mobile Platform,
based in Moscow. It is based on the Sailfish operating system, designed by Finnish technology
company Jolla, which featured a batch of Russians in the development team. Quite a few top
coders at Google and Apple also come from the former USSR – exponents of a brilliant
scientific academy tradition.
In 2014, Russian entrepreneur Grigory Berezkin started co-owning Jolla, and from 2016 his
Mobile Platform company started developing a Russian version of the operating system. In 2018,
Rostelecom, a state company, bought a 75% share in Open Mobile Platform.
Ahead of the St Petersburg International Economic Forum last week, Huawei chairman Guo Ping
discussed the possibility of adopting Aurora with Russian minister of digital development and
communications, Konstantin Noskov. According to Guo, "China is already testing
devices with the Aurora pre-installed. "
In Moscow, before moving to St Petersburg, Presidents Putin and Xi Jinping discussed
multiple possible deals; and these include Huawei-Aurora, as well as where to locate some of
Huawei's production lines in Russia.
Google, here we come
Aurora could be regarded as part of Huawei's fast-evolving Plan B. Huawei is now
turbo-charging the development and implementation of
its own operating system, HongMeng, a process that started no less than seven years ago.
Most of the work on an operating system is writing drivers and APIs (application programming
interfaces). Huawei would be able to integrate its code into the Russian system in no time.
"... "so long as they are transparent with the users about how they are using the data." ..."
"... In practice, this means that any app that shares your private data with advertisers must disclose this fact in their privacy policy. This is seen first in a pop-up box that includes a note that the app wants permission to "read, send, delete and manage your email." However, information about the marketers this data is shared with can often be more difficult to find. ..."
"... In their letter to the company, the senators claim that one marketing company, Return Path Inc, read the private contents of 8,000 emails to train its AI algorithms. ..."
"... "not limited to your name, email address, username and password." ..."
"... At least 379 apps available on the Apple and Android marketplaces can access users' email data. In Google's letter to Congress, the firm declined to say when, if ever, it has suspended an app for not complying with its rules. ..."
"... Google itself has mined users' emails since Gmail was launched in 2004, but announced last year that it would stop the practice, amid privacy concerns and a federal wiretapping lawsuit. ..."
"... "discuss possible approaches to safeguarding privacy more effectively." ..."
"... Everything you've ever searched for on any of your devices is recorded & stored by Google https://t.co/8KGgO0xT92 ..."
Omnipresent tech giant Google told US senators that it lets third-party
apps read data from Gmail accounts and share this information with marketers, even though
Google itself allegedly stopped this practice last year. In a letter sent to the lawmakers in
July and made public on Thursday, Google said that developers may share your data with third
parties for the purposes of ad-targeting, "so long as they are transparent with the users
about how they are using the data."
In practice, this means that any app that shares your private data with advertisers must
disclose this fact in their privacy policy. This is seen first in a pop-up box that includes a
note that the app wants permission to "read, send, delete and manage your email."
However, information about the marketers this data is shared with can often be more difficult
to find.
Google's letter came in response to a request by Republican senators for information about
the scope of the email content accessible to these third parties. In their
letter to the company, the senators claim that one marketing company, Return Path Inc, read
the private contents of 8,000 emails to train its AI algorithms.
Return Path told the Wall Street Journal at the time that, while it did not explicitly ask
users whether it could read their emails, permission is given in their user agreements, which
state that the company collects personal information including but "not limited to your
name, email address, username and password."
At least 379 apps available on the Apple and Android marketplaces can access users' email
data. In Google's letter to Congress, the firm declined to say when, if ever, it has suspended
an app for not complying with its rules.
Google itself has mined users' emails since Gmail was launched in 2004, but announced last
year that it would stop the practice, amid privacy concerns and a federal wiretapping
lawsuit.
Now, privacy officials from Google, Apple and Amazon are preparing to travel to Capitol Hill
next week, for a Commerce Committee hearing. There, the tech companies will be asked to "discuss
possible approaches to safeguarding privacy more effectively."
Everything you've ever searched for on any of your devices is recorded & stored by
Google https://t.co/8KGgO0xT92
The hearing is another in a series of grillings faced by the tech industry since the
Cambridge Analytica privacy scandal revealed in March that Facebook allowed a third party to
collect personal information on millions of users. Google CEO Larry Page was invited to a
Senate Intelligence Committee hearing on political bias, foreign interference and privacy on
tech platforms earlier this month, but declined to show up, sending a written testimony
instead.
(duo.com)
Trailrunner7 writes:
Researchers have discovered a weakness in all versions of
Android except 9, the most recent release, that can allow an attacker to gather sensitive
information such as the MAC address and BSSID name and pinpoint the location of an affected
device. The vulnerability is a result of the way that Android broadcasts device information to
apps installed on a device. The operating system uses a mechanism known as an intent to send
out information between processes or applications, and some of the information about the
device's WiFi network interface sent via a pair of intents can be used by an attacker to track
a device closely.
A malicious app -- or just one that is listening for the right broadcasts from Android --
would be able to identify any individual Android device and geolocate it. An attacker could use
this weakness to track a given device, presumably without the user's knowledge. Although
Android has had MAC address randomization implemented since version 6, released in 2015, Yakov
Shafranovich of Nightwatch Cybersecurity said his research showed that an attacker can get
around this restriction.
Samsung announced Samsung DeX earlier this year as a way for users to transform their mobile
phones into full-fledged desktops or workstations by attaching a monitor, mouse, and keyboard.
DeX is currently limited to the Galaxy S8 and S8+, as well as the Note 8, bringing you a desktop-like
experience powered by your smartphone.
And now, Samsung wants to expand the DeX's capabilities by introducing "Linux on Galaxy," a
new concept promising to bring the Linux PC experience to your mobile device. Linux on Galaxy
comes in the form of an app that you can install on your smartphone to run multiple Linux-based
operating systems.
"Although it's in a trial phase, Linux on Galaxy is our innovative solution to bring the
Linux experience on PC to mobile, and then further onto a larger display with Samsung DeX. Now
developers can code using their mobile on-the-go and with Samsung DeX, and can seamlessly
continue the task on a larger display," says Samsung.
Developers will be able to use their favorite GNU/Linux distro
With the Linux on Galaxy app, developers will be able to use their favorite GNU/Linux
distribution on their mobile devices. When using Samsung DeX with Linux on Galaxy, users can
also run Linux apps that aren't available on their smartphones, which run Google's Android
mobile operating system, also powered by the Linux kernel.
Best of all, Samsung Linux on Galaxy will enable developers to use a fully functional
development environment to create content on a big screen, all powered by their Samsung S8/S8+
or Note 8 devices. At the moment, Linux on Galaxy is in heavy development, but you can find out
more about it at seap.samsung.com/linux-on-galaxy .
"... So far the feature, spotted by XDA Developers , has appeared in some, but not all devices with Android 7.1 Nougat. ..."
"... Google hasn't said anything about the feature-- XDA just happened to discover the code in a recent build of Android 7.1. Essentially, it listens for back button presses, and if enough of them happen (four to be exact) in rapid succession (with less than a third of a second delay) then Android will override the app and bring back the home screen. This could apply to apps that just freeze, but also to rogue software that tries to intercept any and all actions, like malware or adware. ..."
If you can't dismiss an app by pressing the "back" button, it may just be a glitch or crappy app,
but it could also be something
much worse . That's why Google has quietly slipped in a new Android feature called "panic detection"
that can preemptively close an app if you stab at the back button multiple times. So far the
feature, spotted by
XDA Developers , has appeared in some, but not all devices with Android 7.1 Nougat.
Google hasn't said anything about the feature-- XDA just happened to discover the code in
a recent build of Android 7.1. Essentially, it listens for back button presses, and if enough of
them happen (four to be exact) in rapid succession (with less than a third of a second delay) then
Android will override the app and bring back the home screen. This could apply to apps that just
freeze, but also to rogue software that tries to intercept any and all actions, like malware or adware.
It's a smart idea, because what's the first thing you do when you can't make an app go away? Frantically
pressing the back key is probably the first thing, so that will kill the app and allow you to uninstall
or disable it until you figure out the problem.
You'll have to enable the feature to get it to work, apparently. Google seems to be rolling it
out on a limited basis, and may in fact just be testing it, so it may be some time before it ends
up on your device.
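The heuristic the article describes is simple enough to model directly. The following is an added example, written here in Python as a platform-neutral sketch; it is not Android's own code and XDA did not publish this. The constants follow the article (four presses, each less than a third of a second after the previous); treating a gap of 333 ms or more as "too slow" is an assumption, as is the toy dispatch model in which the platform's check runs before the foreground app ever sees the key. That ordering is the point of the feature: an app that swallows every back press cannot prevent the count from reaching the threshold.

```python
"""Added example: a back-button "panic" detector modelled as a small state machine.
Illustration only, not Android framework code.  Constants follow the article; the
exact cutoff and the dispatch model are assumptions."""
from typing import List, Optional

PANIC_PRESS_COUNT = 4      # presses in a row needed to trigger ("four to be exact")
PANIC_MAX_GAP_MS = 333     # a gap of this size or more breaks the streak (assumed cutoff)


class PanicDetector:
    """Counts consecutive rapid back presses and reports when the threshold is hit."""

    def __init__(self, press_count: int = PANIC_PRESS_COUNT,
                 max_gap_ms: int = PANIC_MAX_GAP_MS) -> None:
        self.press_count = press_count
        self.max_gap_ms = max_gap_ms
        self._streak = 0
        self._last_press_ms: Optional[int] = None

    def on_back_press(self, now_ms: int) -> bool:
        """Record one press at time now_ms; return True when panic should fire."""
        if self._last_press_ms is None or now_ms - self._last_press_ms >= self.max_gap_ms:
            self._streak = 1                      # too slow: start a new streak
        else:
            self._streak += 1
        self._last_press_ms = now_ms
        if self._streak >= self.press_count:
            self._reset()                         # fire once, then start counting again
            return True
        return False

    def _reset(self) -> None:
        self._streak = 0
        self._last_press_ms = None


def panic_events(press_times_ms: List[int], **kw) -> List[int]:
    """Replay a list of press timestamps; return the timestamps at which panic fired."""
    det = PanicDetector(**kw)
    return [t for t in press_times_ms if det.on_back_press(t)]


class StuckApp:
    """Stands in for a frozen or rogue app that swallows every back press."""

    def on_back(self) -> bool:
        return True          # "consumed": the app refuses to finish


class PoliteApp:
    """A normal app that finishes on the first back press."""

    def on_back(self) -> bool:
        return False         # not consumed: the platform finishes the activity


def route_back_presses(press_times_ms: List[int], app) -> str:
    """Toy model of platform dispatch (an assumption): the panic check runs before
    the app sees the key, so a press-swallowing app cannot defeat it."""
    det = PanicDetector()
    for t in press_times_ms:
        if det.on_back_press(t):
            return "home"            # platform overrides the app and shows the launcher
        if not app.on_back():
            return "app_finished"    # the app handled back normally and closed
    return "still_in_app"


if __name__ == "__main__":
    # Constructed press timings in milliseconds: a frantic burst, then a slow one.
    print(panic_events([0, 100, 200, 300]))            # fires on the fourth press
    print(panic_events([0, 1000, 2000, 3000]))         # never fires
    print(route_back_presses([0, 100, 200, 300], StuckApp()))
```

Running it shows the burst of four presses returning the user to the home screen even though `StuckApp` consumes every key, while a single press on `PoliteApp` simply finishes it. The reset after firing means a user holding the key down does not keep re-triggering the heuristic on every subsequent press.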
"... it detected devices sending data about call history, text messages, the unique identifier of the mobile service subscriber, the device's unique identifier and call histories. ..."
"... It also found evidence that the software specifically searched text messages for key words and sent full text messages back to Adups servers in China. ..."
"... In May 2017 on the Cubot X16S device, we observed the user's call log, text message metadata, browser history, list of installed apps, list of apps used and unique device identifiers being exfiltrated by Adups," Kryptowire's Tom Karygiannis wrote the Observer in an email. ..."
In its November report, Kryptowire wrote that it detected devices sending data about call
history, text messages, the unique identifier of the mobile service subscriber, the device's
unique identifier and call histories.
It also found evidence that the software specifically searched text messages for key words
and sent full text messages back to Adups servers in China.
These messages were encrypted, but Kryptowire was able to find the key and decrypt them.
Since the Kryptowire finding, Adups has reported that it is no longer collecting personally
identifiable information, but Kryptowire told Black Hat attendees that it has continued to
observe the same behavior, though more carefully hidden and not necessarily on Blu devices.
In a November statement, Adups explained the searching and parsing of users' text messages by saying it
had created an application to screen and block promotional messages. It wrote, "In response to
user demand to screen out junk texts and calls from advertisers, our client asked Adups to
provide a way to flag junk texts and calls for users. [The] application flags texts containing
certain language associated with junk texts and flags numbers associated with junk calls and
not in a user's contacts."
Blu devices aren't the only ones to carry the Adups software, and Kryptowire has noted that
it behaves differently from device to device. Another maker of cheap Android phones, Cubot,
also uses Adups software. "In May 2017 on the Cubot X16S device, we observed the user's call
log, text message metadata, browser history, list of installed apps, list of apps used and
unique device identifiers being exfiltrated by Adups," Kryptowire's Tom Karygiannis wrote the
Observer in an email.
On Wednesday, Kryptowire released additional technical details, describing tests from May
on Blu Grand M, LifeOne X2 and Advance 5.0 devices.
Subsequent to the Black Hat presentation, Amazon has closed off sales for the complete line
of Blu Android phones ...
discovered and blocked a new family of Android malware developed by a cyber arms company that may have
its roots in state-sponsored spying efforts.
The malware, known as Lipizzan, contained references within its code to an Israeli tech firm
called Equus Technologies, which offers "tailor made innovative solutions for law enforcement,
intelligence agencies, and national security organizations."
In the Android Developers Blog, Megan Ruthven of Android Security and Ken Bodzak and Neel Mehta
of Google's Threat Analysis Group detailed the malicious software, which they called a
"multi-stage spyware product."
The researchers found Lipizzan had the ability to monitor and steal communications from the
device. The malware could hijack a user's email, SMS messages, location information, voice
calls and local media. It could also snap screenshots of the user's device and hijack the
camera to take pictures or record video.
When active, Lipizzan could steal data from a number of apps including Gmail, Google
Hangouts, LinkedIn, Facebook Messenger, Skype, Snapchat, popular messaging platforms like
WhatsApp and Viber and encrypted communications app Telegram.
Most troubling about Lipizzan was that it was found in apps on the Google Play Store
disguised as legitimate apps. The malware was most often found in apps posing as popular
utilities with names like "Backup" or "Cleaner." A second wave of apps containing the malware
posed as notepad, sound recorder, and alarm manager apps.
When a user would install one of the infected apps, the app would begin to download a
"license verification" that would examine the device. If the handset met certain criteria, the
second stage of Lipizzan would kick in and root the device while establishing a connection to
the Command and Control server operated by malicious actors to send back files and
recordings.
While the spyware was available to download through apps in the Google Play Store, Google
reported very few instances in which infections were found. According to the company's
findings, fewer than 100 devices had the malicious apps installed on their devices. Google
claimed that would make the infection rate only 0.000007 percent.
Lipizzan and the apps that contain it have been removed from the Google Play Store, and
Google recommends users make use of Google Play Protect, a security suite for Android
devices.
Google also advised users to download apps exclusively from the Google Play Store rather
than from third-party app stores and to disable installations from unknown sources. The search
giant also suggested keeping devices up to date with the most recent security patch.
While Google may have caught and eliminated Lipizzan, the company has run into a fair amount
of malware slipping through the cracks of its Google Play Store. Earlier this year, an adware
scheme managed to infect 40 million phones through Google's official marketplace.
Citizen Lab, the University of Toronto group that monitors government surveillance in the digital
age, analyzed the recently discovered instance of the fake Qatif Today app in a blog post headlined
Police Story: Hacking Team's Government Surveillance Malware. The account provides a rare glimpse
into malware developed by "Hacking Team," a highly secretive outfit based in Italy that charges governments
top dollar for extremely stealthy spyware that's often referred to as a "lawful intercept" program.
The Trojan is known as an Android implant because it cloaks itself inside a legitimate third-party
app. People who are infected with it must first be tricked into obtaining the Android installation
package (APK) from a non-authorized source, which in this case was this now-shuttered Dropbox
location. Aside from that, victims may have little indication anything is amiss. To lend it
legitimacy, the malicious APK was signed by a digital certificate that appeared to be related to
Java and its original creator Sun Microsystems. Citizen Lab identified six other samples signed
by the same certificate.
Once installed, the app establishes contact with command and control servers located at 91.109.17.189
and 106.186.17.60, which are addresses Citizen Lab has seen used in previous Hacking Team campaigns.
The implant also attempts to break out of its Android-imposed security sandbox by exploiting a
vulnerability in older Android versions on specific handsets that allows apps to gain unfettered
root privileges.
The trojan next tries to access local files stored by a variety of social media, chat, and call
apps including Facebook, Viber, WhatsApp, Skype, LINE, and QQ. The app has audio recording, camera,
video, key logging, and "live mic" capabilities, as well as a "crisis" module that provides anti-analysis
functionality. The researchers also found evidence of what appears to be location, screenshot-taking,
and browsing activity modules. The implant even seems to have a filter to specify date ranges to
narrow the mail and text messages it sends back to the control servers. (It's not clear what happens
when the app runs on Android versions that have patched the rooting vulnerability.)
"We also see information about how the implant exfiltrates data, along with its C2 servers," Tuesday's
post reported. "Interestingly, it appears that the implant is capable of monitoring the devices'
connectivity (e.g. Wi-Fi, cellular network), choosing connection type, and rate limiting the bandwidth.
Note that these are the same servers we observed in the implant's network communications."
The Citizen Lab researchers provided an overview of the remote control system (RCS) architecture
that works with Android trojans and trojans for other platforms. The architecture relies on a series
of system administrators, technicians, and analysts to funnel information pulled off an infected
device to the interested parties. Unverified screenshots an anonymous person provided to Citizen
Lab show RCS works on computers running Windows, Mac OS X, or Linux.
Citizen Lab
It comes with a dazzling number of capabilities, including:
- Network Injection: via injected malicious traffic in cooperation with an ISP
- Tactical Network Injection: on LAN or Wi-Fi
- Melted Application: bundling a Hacking Team dropper alongside a bait application
- Installation Package: a mobile installer
- Exploit: document-based exploit for mobile and desktop
- Local Installation: mobile installation via USB or SD card
- Offline Installation: create an ISO for a bootable SDHC, CD, or USB. This option includes the ability to infect hibernated and powered-off devices
- QR Code: a mobile link that, when pictured, will infect the target
- Applet Web: likely a malicious website (deprecated after v. 8.4)
- Silent Installer: a desktop executable that will install the implant
- Infected U3 USB: an auto-infecting U3 USB
- WAP Push Message: the target will be infected if the user accepts the message (works on all mobile operating systems apart from iOS)
Citizen Lab researchers wrote:
The implant ("agent") offers one-click functionality for requesting information from target
devices. Technicians are encouraged to add functionality as needed.
... ... ...
Selection of available surveillance modules
- Accessed files
- Address Book
- Applications used
- Calendar
- Contacts
- Device Type
- Files Accessed
- Keylogging
- Saved Passwords
- Mouse Activity (intended to defeat virtual keyboards)
- Record Calls and call data
- Screenshots
- Take Photographs with webcam
- Record Chats
- Copy Clipboard
- Record Audio from Microphone (with additional voice and silence detection to conserve space)
- Realtime audio surveillance ("live mic" module is only available for Windows Mobile)
- Device Position
- URLs Visited
- Create conference calls (with a silent 3rd party)
- Infect other devices (deprecated since v. 8.4)
Other Capabilities
Once an implant is operational its collection operations can be updated. In addition files
can be sent to and received from the device.
In addition, implants have a default cap on "evidence" space of 1GB on the target device. Recording
of new material stops when the space is reached. Operators also have the ability to delete not-yet-transmitted
data on the device.
Programs such as RCS are marketed to governments as legitimate wares, but Citizen Lab points out
that many countries have few legal guidelines and little oversight for the way they're used.
"In light of the absence of guidelines and oversight, together with its clandestine nature, this
technology is uniquely vulnerable to misuse," the report warns. "By analyzing the tools and their
proliferation at the hands of companies like Hacking Team and Gamma Group, we hope to support efforts
to ensure that these tools are used in an accountable way, and not to violate basic principles of
human rights and rule of law."
Jun 24, 2014 9:47 PM
Quote:
The implant also attempts to break out of its Android-imposed security sandbox by exploiting
a vulnerability in older Android versions that allows apps to gain unfettered root privileges.
According to your link Dan, this affects only the Samsung Galaxy S3 or anything with Samsung's
Exynos chipset. It isn't an Android root exploit in general. It's already been patched a year
ago.
This is more interesting because all android apps are signed and if an app wished to update an
app already installed (and with the same name, otherwise it will show up as a separate app), it
has to have a matching signature.
When does lawful intercept cross the line into total surveillance? Post-Snowden, the concept
of lawful intercept has no meaning when everything can be intercepted and used at a later time.
Better question: How is this lawful to begin with? Unless they set things up so that, in theory,
only terrorists and other *valid* targets of surveillance download the app, I don't see how it
could be given the uproar over the stuff Snowden released
The SHA-256 hash for the file is 8e64c38789c1bae752e7b4d0d58078399feb7cd3339712590cf727dfd90d254d
.
According to
this VirusTotal report, this program is currently detected by the following programs:
Avira AntiVir - Android/FakeInst.ES.4
Baidu-International - Trojan.Android.FakeInst.bES
ESET - a variant of Android/Morcut.A
Kaspersky - HEUR:Trojan-Spy.AndroidOS.Mekir.a
ThreatTrack VIPRE - Trojan.AndroidOS.Generic.A
Five out of fifty-three programs, or a little under 10%. I'm sure the detection rate will go up
in the next 24 hours to (or at least, near) 100%, though.
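The Citizen Lab write-up above gives two command-and-control addresses, and the comment above gives the sample's SHA-256. The script below is an added example of turning those into a local check; it is not code from Ars Technica, Citizen Lab, or the commenter. The flow-log format (`timestamp key=value ...`) and every log line and file name in it are constructed for the example, so only the two indicators themselves come from the page.

```python
"""Added example: matching the published Hacking Team implant indicators against
constructed local telemetry.  Not Citizen Lab's or the article's code."""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators taken from the page: C2 addresses from the Citizen Lab analysis and the
# SHA-256 of the fake Qatif Today APK posted in the comment thread.
C2_ADDRESSES = {"91.109.17.189", "106.186.17.60"}
KNOWN_BAD_SHA256 = {
    "8e64c38789c1bae752e7b4d0d58078399feb7cd3339712590cf727dfd90d254d",
}

# Constructed firewall/netflow export in an assumed 'timestamp k=v k=v' format.
# Real exports differ; only the two entries to C2 addresses should be flagged.
SAMPLE_FLOW_LOG = """\
2014-06-24T21:47:01Z src=10.0.0.12 dst=93.184.216.34 dport=443 proto=tcp
2014-06-24T21:47:09Z src=10.0.0.12 dst=91.109.17.189 dport=443 proto=tcp
2014-06-24T21:48:30Z src=10.0.0.45 dst=106.186.17.60 dport=80 proto=tcp
2014-06-24T21:49:02Z src=10.0.0.12 dst=8.8.8.8 dport=53 proto=udp
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_flow_line(line: str) -> Dict[str, str]:
    """Split 'timestamp k=v k=v ...' into a dict; the first token is the timestamp."""
    ts, _, rest = line.strip().partition(" ")
    fields = dict(_KV.findall(rest))
    fields["ts"] = ts
    return fields


def find_c2_connections(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return parsed flow records whose destination is a known C2 address."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_flow_line(line)
        if rec.get("dst") in C2_ADDRESSES:
            hits.append(rec)
    return hits


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes, the form in which scanners report the indicator."""
    return hashlib.sha256(data).hexdigest()


def check_apk_digests(digests: Dict[str, str]) -> List[str]:
    """Given {filename: sha256 hex}, return the filenames matching a known indicator.
    Comparison is case-insensitive because tools print digests in either case."""
    return [name for name, d in digests.items() if d.lower() in KNOWN_BAD_SHA256]


if __name__ == "__main__":
    for rec in find_c2_connections(SAMPLE_FLOW_LOG.splitlines()):
        print(f"C2 contact: {rec['ts']} {rec['src']} -> {rec['dst']}:{rec['dport']}")
    # Constructed inventory: one digest copied from the comment, one of a harmless blob.
    inventory = {
        "qatif_today.apk": next(iter(KNOWN_BAD_SHA256)).upper(),
        "notes.apk": sha256_hex(b"constructed harmless content"),
    }
    print("flagged files:", check_apk_digests(inventory))
```

Matching on destination address is the cheapest check an operator can run over historical flow data; the hash check complements it for devices that never reached the C2 hosts, for instance because they were offline when the sample was sideloaded. Both indicators are point-in-time: the comment above already notes that detection coverage changes within a day, and C2 infrastructure is rotated, so lists like this are a starting point for retrospective hunting rather than a standing control.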
Quote:
Better question: How is this lawful to begin with? Unless they set things up so that, in theory,
only terrorists and other *valid* targets of surveillance download the app, I don't see how it
could be given the uproar over the stuff Snowden released
Consider the likely target of the malware. It is someone using a news app focusing on a Saudi
Arabian province. It assumes that the target will be connected in social media (Facebook and Whatsapp)
and making international calls (Skype, QQ, and Viber). It was spread through twitter. This app
is not targeting terrorists, it is targeting journalists and activists. Most likely it was produced
for the security services of Saudi Arabia. If it's "lawful" for Saudi Arabia to jail and torture
human rights activists I have no doubt they consider it "lawful" to spy on them as well. I doubt
the monarchy is concerned with adding spying to its long list of human rights violations.
MatthewSleeman wrote:
aleph_nought wrote:
Better question: How is this lawful to begin with? Unless they set things up so that, in theory,
only terrorists and other *valid* targets of surveillance download the app, I don't see how it
could be given the uproar over the stuff Snowden released
Consider the likely target of the malware. It is someone using a news app focusing on a Saudi
Arabian province. It assumes that the target will be connected in social media (Facebook and Whatsapp)
and making international calls (Skype, QQ, and Viber). It was spread through twitter. This app
is not targeting terrorists, it is targeting journalists and activists. Most likely it was produced
for the security services of Saudi Arabia. If it's "lawful" for Saudi Arabia to jail and torture
human rights activists I have no doubt they consider it "lawful" to spy on them as well. I doubt
the monarchy is concerned with adding spying to its long list of human rights violations.
True, although I doubt they're the only country that would benefit from such a tool.
BTW, when is the iOS version coming out? I can't imagine just running a different brand would provide
the needed security?
There have been several stories about iOS malware used by government agencies.
Others, aimed at high-value targets, would use 0-day flaws (browser exploits, PDF exploits, ...).
So far, I haven't heard of any such malware targeting WP7/8, but that's probably due to market share.
Interestingly, such spying toolkits still have modules for Windows Mobile 6 (that might be explained
by the fact it was much easier to develop malware on that old platform without sandboxing or modern
memory protection features)
All of these app permissions are shared by an Android app named "MobileTracker 1.0", which comes
with many of the cell phones straight from the manufacturers. The full list of MobileTracker 1.0
is scary and this app cannot be disabled. It smells a lot like another CarrierIQ to me. Be aware
of this app.
And what about regular users' Android insecurity? Isn't this a huge problem, with Google
serving as a channel for spying on us?
Notable quotes:
"... "The absolutely minimum Trump could do to protect our nation is to use a secure device to protect him from foreign spies and other threats," said Senator Ron Wyden, a Democrat from Oregon on the Intelligence Committee. "It would be irresponsible in the extreme for the commander in chief to use an unsecure device that could be easily hacked or intercepted." ..."
"... "There are a lot of questions, but it is clear there are often vulnerabilities in our phones and internet systems - and it is critical that people take precautions to ensure their sensitive information is protected from hackers and other malicious actors," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union. ..."
"... In 2009, President Barack Obama fought to become the first president with a smartphone; though he won, the use of a White House-issued secure device came with many rules. ..."
President Trump has carried his Twitter habit into his presidency. He has also brought with him
another tech habit that is causing concern.
Mr. Trump has been using his old, unsecured Android phone to post on Twitter since moving to Washington
late last week.
The president's desire to use his old, personal smartphone raises concerns that its use could
be exposing him and the nation to security threats.
He is using the Android smartphone mainly to post on Twitter, not to make calls. But it's unclear
what security measures have been put in place on the device and how vulnerable he could be to someone
stealing data or breaking into his Twitter account.
The White House did not respond to a request for comment.
Twitter requires a connection to the internet, which exposes the device to security vulnerabilities
if proper measures like two-factor authentication - a password and a code texted to a phone, for
example - are not in place. If he uses the smartphone on an unsecure Wi-Fi network, he could be exposing
his location and other personal information on the device.
"The absolutely minimum Trump could do to protect our nation is to use a secure device to
protect him from foreign spies and other threats," said Senator Ron Wyden, a Democrat from Oregon
on the Intelligence Committee. "It would be irresponsible in the extreme for the commander in chief
to use an unsecure device that could be easily hacked or intercepted."
Among the concerns by security experts:
It is unclear if the device and its functions like texting are encrypted to thwart hacking. The
device could be more vulnerable to hacking if used on unsecured Wi-Fi and cellular networks, such
as when Mr. Trump travels between meetings or anywhere outside the White House. Hackers could
access the device to turn on the camera and microphone. Stingray devices, a type of surveillance
tool often used by law enforcement, can track a device's location and other information.
"There are a lot of questions, but it is clear there are often vulnerabilities in our phones
and internet systems - and it is critical that people take precautions to ensure their sensitive
information is protected from hackers and other malicious actors," said Neema Singh Guliani, legislative
counsel with the American Civil Liberties Union.
The president's use of the personal device is particularly notable given his criticism of Hillary
Clinton for using a personal email address and server when she was secretary of state.
In 2009, President Barack Obama fought to become the first president with a smartphone; though
he won, the use of a White House-issued secure device came with many rules.
"As president, he is the biggest sitting target in the world," said Kevin Bankston, the director
of New America's Open Technology Institute.
Security researchers have found malware hidden in the firmware of several low-end Android smartphones
and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting
users. 26 Android device models have been found to be affected. The common link between all these
devices is that all are low-cost devices, mostly marketed in Russia, which run on MediaTek chipsets.
According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to
have been added to the firmware by "dishonest outsourcers who took part in [the] creation of Android
system images decided to make money on users." The security firm has informed MediaTek and the device
vendors about this issue so the affected companies can inspect their distribution chain and find the
possible culprits.
Posted by BeauHD on Tuesday December 20, 2016 @07:45PM from the buyer-beware dept.
Long-time Slashdot reader emil writes about how ADUPS, an Android "firmware provisioning" company
specializing in both big data collection of Android usage and hostile app installation and/or firmware
control, has been found pre-loaded on Barnes and Noble's new $50 tablet:
(onthewire.io)
Posted by msmash on Wednesday November 30, 2016 @12:25PM from the security-woes dept.
Reader Trailrunner7 writes:
A new version of an existing piece of malware has emerged in some third-party Android app stores and
researchers say it has infected more than a million devices around the world, giving the attackers
full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is
a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers
at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain
the malware, which is designed to download and install other apps and generate income for the attackers
through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers
through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware
also employs exploits that take advantage of several known vulnerabilities in older versions of Android,
including KitKat and Lollipop, to install a rootkit that is capable of stealing users' Google
credentials. Although the malware has full remote access to infected devices, it doesn't appear to
be stealing user data, but rather is content to go the click-fraud route. Most users are being infected
through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar
infection routine for mobile devices.
My recommendation is to do this with the apps that will never need to connect to the
Internet when not at home. This includes file managers and other apps that you would never expect to
connect to the Internet in the first place. While it doesn't prevent malware or data leaks specifically,
this practice can help you troubleshoot potentially bad apps.
As a general rule, I recommend always restricting apps from using mobile data unless
it's necessary. Others might point you to software firewalls. Instead, I prefer a carefully
thought-out hardware firewall on my LAN with logging. If anything besides the allowed ports is being
used by that device, those ports are blocked. This practice might not stop crazy ads and other
ad-related weirdness, but it could prevent other, more dangerous surprises by restricting port access
at the network level.
The problem I have with Android firewalls is that many of them are by no-name companies
which I've never heard of. They ask for heavy permissions and their support email is an @gmail.com
address. Personally, I don't find that all that secure. I'd much rather have some control over which
apps are connecting to the Internet. I may grant some exceptions (SMS apps, etc.), but I keep a tight
leash otherwise.
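An added example of the per-device LAN firewall with logging described above, written here as an nftables ruleset for a Linux router (this is not the article's own configuration). The phone's address 192.168.1.50, the LAN range 192.168.1.0/24 and the allowed port sets are assumptions chosen for the example.

```nft
#!/usr/sbin/nft -f
# Added example (not from the article): egress allowlist for one Android device
# on a Linux router running nftables. Assumptions: the router forwards LAN
# traffic, the phone holds the constructed static lease 192.168.1.50, and
# DNS/NTP for the LAN are answered by the router itself (inside 192.168.1.0/24).

table inet android_egress {
    # Destination ports the phone may reach on the Internet. Everything else
    # is logged (rate-limited so a chatty app cannot flood the kernel log)
    # and then dropped.
    set allowed_tcp {
        type inet_service
        elements = { 443 }          # HTTPS only; add 993/465 if IMAP/SMTP are needed
    }
    set allowed_udp {
        type inet_service
        elements = { 443 }          # QUIC
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Only traffic originating from the phone is policed by this table;
        # other LAN hosts keep the router's default policy.
        ip saddr 192.168.1.50 jump phone_egress
    }

    chain phone_egress {
        # Packets belonging to flows the phone already opened (and were allowed)
        # pass; only new outbound flows are judged below.
        ct state established,related accept
        # Anything that stays on the LAN (file manager to a NAS, router DNS) is fine.
        ip daddr 192.168.1.0/24 accept
        # The allowlist proper.
        tcp dport @allowed_tcp accept
        udp dport @allowed_udp accept
        # Everything else: log with a greppable prefix, then drop. 'log' is
        # non-terminating, so the 'drop' rule is reached in either case.
        limit rate 10/minute log prefix "android-egress-drop: " level info
        drop
    }
}
```

Dropped flows appear in the kernel log (dmesg or journalctl -k) as lines beginning with android-egress-drop: together with the source and destination address and port, so a sudden run of drops from the phone to ports you never allowed is exactly the troubleshooting signal the paragraph above describes.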
Restricting application installation
I'd love to tell you that every single application on the Google Play Store is well vetted. The
truth is that isn't true – period. This means it's easier to get applications with more features
than you might find on other platforms, but it also means you need to be careful about what you're
installing.
The first rule of installing Android applications is to only do so from trusted sources. I'm not
talking about installing apk packages vs Google Play. You need to know the source and company
behind the application before trusting it completely. Like many of you, I've been known to make exceptions...but
even then I'm careful about the permissions I grant the software.
To be clear, I would trust an apk package from a vendor's website I trust more than
I would some random Google Play app that I know nothing about. Why? Because Google Play on its own
merit doesn't promise security. There is still some user responsibility for maintaining a secure
Android experience. That said, I would suggest you're safer downloading random apps on Google Play
than some mysterious forum page's listed apk packages.
Public wifi and VPN
No matter what software you choose to install, more often than not the biggest security
threat comes from your browser. When you're using a public wifi access point, you're taking a significant
risk each time you login to anything important. Much of this is mitigated thanks to SSL and https
secured websites, such as banking and some email websites. But there are still countless other sites
out there where you could be sending your login credentials to anyone around you monitoring your
connection.
I suggest looking into a reliable VPN service. There are some good ones, but I suggest
doing your own research. Some might question how a VPN tunnel secures your Android device. I would
submit that it provides an added layer of encryption to your online web browsing activities. And
while the encryption ends on the other end of the tunnel, at least your activity isn't broadcast
to other users sharing the same public wifi access point.
... ... ...
Cassie October 26 2015 07:37 PDT
I am glad you mentioned that nothing is 100% secure as well. I think so many people expect
to make their device completely hack-proof and that just cannot happen. As you mentioned, anything
connected to the internet can be hacked, but you can do many things to make them harder to hack.
SecureThoughtsC October 05 2015 02:03 PDT
Great point about using a VPN, a lot of people don't know how vulnerable they are doing their
banking at the local coffee shop. I do think security software is worth it, I am in the same camp
as you there. It might not be bulletproof but I do believe something is better than nothing.
Mine is constantly turning on by itself, even had apps turn on, my data has been used up since
the 1st and it takes me 3 wks to do that, it calls people on its own, I have 2 security apps
and sometimes its icon disappears from the top of screen, my browser constantly fails, I can't
access my employee email from my cell anymore, when I'm on FB I often have to "like" a post several
times for it to take, same with sharing??
I've changed my SIM card and battery and am still having problems??
And it goes completely bonkers around my place of employment to the point that I either can't
make or receive calls?? I just bought this phone in Feb/14 and it's the exact same one I had before
that lasted a year!
I even got a call a month later telling me that my email had been hacked and got disconnected,
when I called back it was one of those numbers that doesn't allow you to call back.....
Kasandra 4 months ago
+Karen Handy Hi Karen,
Did the issue get solved? What and who was it? If you don't mind my asking? Do you have any
recommendations? Such as things to avoid? Some apps are pretty dodgy and also I accidentally click
on ads that pop up often, especially from links on Facebook. Also I'm sure there are more people
who can hack than we think, I think if you have your Bluetooth on it makes it easier?? Obviously
they're not going to let on because then what would be the point in hacking. Are there any sure
signs? Yours seem pretty legit.
Eddie Leal 1 year ago
Please forgive my ignorance folks but I am not up to speed with all the latest apps/gadgets
and widgets for cell phones but don't some cell phones come with the capability of re-formatting
it to factory default status. I always thought this meant that any/all programs that were not
part of the original package with the phone would be wiped out from the phones memory. I guess
if you feel nervous about doing this yourself you could take it to a service center and pay through
the nose to have this done. Heck! YouTube and google are full of instructional videos/pdf files
how to accomplish this on your particular model phone. As far as what the gentlemen in the video
stated, I am not quite sure it is accurate to say that the carrier will do this for you. They typically
sell you the phone but if you need technical support you have to go elsewhere...right?? Any ideas
from the tech savvy folks out there? Please advise.
LTraveler83 3 years ago in reply to Виктор Марков
Check your phone bill when it comes in for any weird messages or downloads or even phone calls
during that time. Treat electronic devices like the ears and eyes of your grandmother. This means
if you wouldn't say it to her, you probably shouldn't type it or say it too close to anything that
could be spied upon.
Some thoughts of RMS on the modern situation of software spying on users.
Farzin F 5 months ago
To the uploader: Regarding CC BY ND: the MIT Open Course Ware videos on YouTube use CC by NC.
Yet, since there is no option for this, MIT chooses the standard youtube license. That's probably
the best choice. Not CC BY
Revelations about the detailed location records stored on smartphones indicate just how much
information companies including Apple and Google are able to gather.
But it's not just the phone-makers – apps on your phone are hungry for your personal info
too. So is your phone snooping on you?
Here, we reveal what you need to know – and whether you can do anything about it
Dogoodnow, 16 July 2014 12:04pm
Another problem with Android (as far as I can see, as implemented on an early Samsung Note)
is that it keeps turning on apps that you have or think you have turned off or force closed.
Especially true of all the Google related material?
StockBet -> Dogoodnow, 16 July 2014 1:16pm
Watch the PBS documentary called "United States of Secrets" and what they said about Google.
fragilegorilla -> StockBet, 16 July 2014 1:23pm
There's also a very good documentary available on Netflix right now called "terms and conditions
may apply".
It covers this constant snooping and what we actually sign away when we tick those little
'I accept' boxes.
You can't stop or de-install Google's core apps on any mainstream Android device.
The only way around this is to use an open install like CyanogenMod.
tr1ck5t3r -> dourscot, 16 July 2014 2:04pm
CyanogenMod has had its own bugs that will facilitate snooping, though. However, as the Play
store app is not installed by default, it's worth checking the terms and conditions when a CyanogenMod
user installs it.
supermarine -> fragilegorilla, 16 July 2014 7:37pm
I've watched it…I was tickled by the revelation that a number of people had signed their souls
to the devil.
Fred1, 16 July 2014 12:09pm
I really can't see the point of most Apps.
Sure WhatsApp and Viber are useful but the vast majority are just websites made for phones.
And they're free so there's a catch.
I hate using WhatsApp and Viber because I know they're about as secure as using a microphone
on a busy high street and the people behind it are mining the shit out of my data. However I use
them because they're useful.
I just wish you could choose. Whore your data or pay for the service. The internet should be
about getting £1 from billions of people but instead nowadays it's just about whoring data. It's
most likely all bull shit like investing in sub-prime mortgages but hey let's pretend this data
has any value.
My approach is to download very few apps, never give my location, never use social media (because
I don't understand why it exists) and never say anything vaguely interesting on WhatsApp, Viber
or indeed CIF. If you don't believe me read this comment.
Westmorlandia -> KatyEB, 16 July 2014 12:12pm
Yes, and so many pre-installed, that you can't delete. Still I prefer it to my old iPhone.
This is easily the worst thing about Android - endless unwanted apps that take up storage space,
use memory, and can't be removed. It's incredibly annoying - it's like they're stealing part of
the phone I paid for.
Westmorlandia, 16 July 2014 12:11pm
Because of the opacity of the system, it's crying out for consumer protection regulation.
Unfortunately governments like collecting our data too, so are actually quite keen for this
sort of data collection to go on.
pretendname -> Westmorlandia, 16 July 2014 12:24pm
Any reasonable left or right centre government would move to ban Google Glass immediately.
But our government has tipped into fascism.
There is a reasonable argument that banning these devices would not be 'progressive'. By which
they mean, you can't put a genie back in the bottle. But this is simply rationalising away fascism.
We ban or blacklist new technologies all the time, it's just that we've chosen not to deal
with this one because it helps our government suppress anything they might see as seditious.
This wholesale surveillance of citizens is simply wrong. Just like secret trials and detention
without charge.. is simply wrong.
afinch -> pretendname, 16 July 2014 1:23pm
Any reasonable left or right centre government would move to ban Google Glass immediately.
Eh? Do you think concealed cameras should be illegal? Telephoto lenses? Small microphones?
Spy equipment far more covert, and far cheaper, than Google glass has been available for decades.
What's liberal about banning an underpowered wearable camera that costs too much?
pretendname -> afinch, 16 July 2014 1:29pm
It's not the camera that's the problem with Google glass.. It's that it's a network enabled
camera which is permanently switched on and recording, and is reporting your location and everything
you see and hear to the government, and worse, a company.
Now if you restricted yourself to looking at members of your own family that's ok.. but if
you're going to wear it on a bus, it's going to record not just your movement, but through facial
recognition, the moments of everyone you see.
Can't you see any danger in that?
fallenrider -> pretendname , 16 July 2014 3:09pm
But it doesn't actually do that though does it?!
It records when you tell it to record, not constantly. But don't let facts get in the way or
your paranoia hey.
pretendname -> fallenrider, 16 July 2014 3:35pm
Have you been asleep for the last 2 years? Google have been actively working with the
NSA to provide every single piece of information about you that they can.
But of course... I'll have to take your word for it because you are clearly a Google Employee
on the Glass project.
Otherwise.. how would you know what it does or doesn't do?
LegoRemix -> pretendname, 16 July 2014 4:21pm
As has been repeated over, and over again. No tech company is actively working with the NSA.
What happened is they got served National Security Letters that *force* their cooperation with
government demands. If they don't comply, their business is shut down.
You can moan about a lot of other things tech companies do, but this is literally a 'gun to
the back of the head' scenario for them
pretendname -> LegoRemix , 16 July 2014 4:26pm
I'm not sure...
Eric Schmidt has been attending Bilderberg for the last few years.
From that I surmise that he is fully on board.
But.. even if tech companies are forced into this, the result is the same. It is a bizarre
situation in which, given full details and facts, people still deny reality.. even while it's
happening.
You couldn't make it up.
Google glass has a camera which is potentially permanently switched on.
That camera can be picking out faces, mapping those faces to some sort of engram, and http posting
them off to Google with a location and date stamp, or storing that list of information locally
for later upload.
If it can do it... Recent revelations seem to suggest it is doing it.
MtnClimber -> afinch, 16 July 2014 5:47pm
It's far worse now than before "smart phones". Before, spying was done on an individual basis.
One person wanted to spy on another.
Now, with smartphones, everyone is under surveillance. Google glass is an extension of the
spy phones that we all carry. It is getting worse by the day.
robinaldlowrise -> LegoRemix, 16 July 2014 10:18pm
No tech company is actively working with the NSA.
Of course they aren't (cough). Nobody is working with the NSA. The NSA is an evil unto itself
alone (cough).
Bluecloud, 16 July 2014 12:14pm
My Android tablet came with Google Maps, which requires permission to access all my contacts,
all my WLAN info as well as my location (of course, it's a satnav device) and lots of other personal
info. Their demand for ever greater intrusion into my life increases with every update.
This is a high price to pay for such apps. Beware!
swishy -> Bluecloud , 16 July 2014 12:25pm
I can see a future not too far ahead where these phones will be the only available option
which will basically trap people in the system. Permission to access personal info may not
necessarily be requested and ability to turn off GPS might not be possible. There's a gloomy picture
to be going on with.
beedoubleyou -> Bluecloud , 16 July 2014 12:29pm
I don't understand the price. Nobody has anything to gain by knowing any of my contacts, especially
me.
Nialler, 16 July 2014 12:14pm
My experience with the Galaxy was that in order to use a lot of the functionality I had to
register with Google. This gives them my e-mail, my network, my location (if using the GPS)
my buying preferences etc.
Sod that.
My wife used the GPS to find an address and when we arrived a photo of the house popped up
on the screen. I find all this terribly intrusive.
If someone stopped you on the street and asked you those questions you'd tell them to fling
their hook.
tilw -> Nialler, 16 July 2014 12:44pm
My way of handling Google and similar accounts is to give Google my email address at another
on-line "everything including the kitchen sink" service and vice versa.
Both the email addresses are eminently disposable and neither of them point to any of my actual
"real" email addresses. It can be a bit of a pain keeping track of which service has which disposable
address, but it's worth it.
This technique also pretty quickly reveals which "services" have passed email addresses
on to spammers either knowingly or otherwise.
blipvert -> tilw, 16 July 2014 12:55pm
Google started to get a bit sniffy about this kind of thing a while ago, and Boss Man Schmidt
declared Google+ to be an identity service, and only real names would do.
Fortunately, they have recently abandoned this Big Brother approach in a desperate attempt
to actually get customers to use Google+.
MasterPale -> Nialler, 16 July 2014 1:35pm
Registering with Google is only necessary in order to buy apps from Google's app market.
There are other sources of apps such as Samsung, Amazon, app developers websites, app review
websites. Of course you have to register with these sources too but the process is generally less
intrusive.
You can disable and uninstall Google apps such as Gmail, Google search, Maps etc.
And install alternatives which do not gather your data such as Hotmail, Hushmail, Firefox browser
with ad-blockers and anti-trackers, DuckDuckGo or StartPage search engines, and Bing maps or TomTom
(if there is no app use your phone browser to access the websites - create a bookmark and you
have instant map service).
People are often afraid to edit their phone/tablet, a fear promoted by the dire pop-up warnings
that if you turn off x it will melt your phone. No it won't!
Do not install junk apps. You can expect them to be infested with spyware and to involve 'in-app
purchases'. Choose quality apps, recommended by reliable reviews. When installing an app, buy
the paid version and save money on data long-term.
'Free' apps invade your privacy, keep data turned on to feed you a stream of adverts.
You pay in lots of ways. It costs 69p for an app or maybe £2.99 for the expensive apps? And how
much is privacy worth to you? How much do you pay for data?
If you have not seen an Adam Curtis documentary nor watched the BBC's current documentary series
'Meet the Men Who Made Us Spend' (on iPlayer) then I recommend them. They are light and fluffy,
not overly intellectual, but they review the history of the last fifty years and the growth of
consumption and offer an explanation of why so many people are obese, we spend too much time and
money on pointless consumption, and are politically oppressed. It might make you decide you don't
need so many gadgets or that you don't need so many apps on your gadgets. It will certainly make
you reject 'smart things' and the continuing infantilisation and pacification of the population.
dourscot -> Nialler, 16 July 2014 1:41pm
But you can log out of Google. This doesn't solve your problem with other apps but it's not
as bad as you suggest.
ConanOB -> Nialler , 16 July 2014 4:48pm
You buy an iPhone, Apple asks for your credit card number and expiration date, and you need to create
an email account and use a backup email account if you are imperfect and might someday forget
your password.
Everything comes at a price, the more secured and locked down you want your smartphone to be,
expect to pay a premium price for it.
It is not difficult for phone companies to retrieve text messages etc and time, date and
duration of calls you made every day.
Just stay away from apps like the flashlight app that needs access to your microphone or any
app that requests access to your contacts.
NotANumbers -> MasterPale, 18 July 2014 1:05am
I use F-Droid. It is a repository of free and open source applications. If you don't trust
one, you can just have a look at the source code, providing you can understand it, and heck, even
if you can't, you could still download, safe in the knowledge that there will inevitably be more
eyes viewing the code and therefore less chance you'll have a malicious or snooping application.
swishy, 16 July 2014 12:18pm
I have one of those Samsung Galaxy Note phones. It's a work phone so doesn't actually belong
to me. I just switch off the WIFI and GPS which is hopefully enough to stop my location being
tracked.
ThisFieldIsBlank -> swishy , 16 July 2014 12:26pm
No it isn't! You will still be tracked as the phone continuously sends signals to the network
to check for signal. Even brick phones do it; it is an inherent feature of mobile or cellular
phones.
bargepoled2, 16 July 2014 12:19pm
With Android KitKat 4.4 you can activate or deactivate each app's location settings.
At least 80 percent of all audio calls are gathered and stored by the NSA, whistleblower William
Binney has revealed. The former code-breaker says the spy agency's ultimate aim is no less than total
population control.
The National Security Agency lies about what it stores, said William Binney, one of the highest
profile whistleblowers to ever emerge from the NSA, at a conference in London organized by the Center
for Investigative Journalism on July 5. Binney left the agency shortly after the 9/11 attacks on the
World Trade Center because he was disgusted at the organization's move towards public surveillance.
"At least 80 percent of fiber-optic cables globally go via the US," Binney said.
"This is no accident and allows the US to view all communication coming in. At least 80 percent of
all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it
stores."
Binney has no evidence to substantiate his claims as he did not take any documents with him when
he left the NSA. However, he insists the organization is untruthful about its intelligence gathering
practices and their ultimate aim. He says that recent Supreme Court decisions have led him to believe
the NSA won't stop until it has complete control over the population.
"The ultimate goal of the NSA is total population control," Binney said, "but I'm
a little optimistic with some recent Supreme Court decisions, such as law enforcement mostly now
needing a warrant before searching a smartphone."
During his speech at the conference, Binney praised spy-turned-whistleblower Edward Snowden for disseminating
the classified documents that revealed the NSA's global spy programs. The latest revelations showed
that contrary to the NSA's claims, the majority of information the agency gathers is from ordinary
citizens with no connection to terrorism.
Washington has defended its spy programs, claiming that the NSA targets individuals with connections
to known terrorist groups to thwart attacks. Binney said this was a lie and the NSA had stopped
"zero attacks" with its intelligence gathering programs.
One of the main factors that has allowed the NSA to increase its spy programs is the lack of oversight
in the US, argues Binney. In particular, he took issue with the Foreign Surveillance Court (FISA),
which oversees the issue of search warrants against people suspected of terrorism. Binney believes
the court is meaningless and always sides with the US government.
"The Fisa court has only the government's point of view," he said. "There are no
other views for the judges to consider. There have been at least 15-20 trillion constitutional violations
for US domestic audiences and you can double that globally."
Revelations about US global spy programs have sparked mass indignation, with one American judge
saying the surveillance was almost Orwellian in nature. German Chancellor Angela Merkel also compared
US intelligence policy to the antics of the Stasi secret police in the former East Germany.
I'm as against NSA surveillance as the next guy, but I say BS.
Why? Consider a 1 minute phone call at 50 kbps would require storage of 3MB. Further assume
an "average" phone call is 3 mins and there are 12.4 BILLION phone calls per day worldwide,
capturing 80% of that traffic for 365 would require 33 MILLION terabytes of storage PER YEAR.
Your calculation is much higher than the actual requirements for 2 reasons:
1. 50 kbps isn't needed for voice communications. 5-6 kbps is enough.
2. You didn't take data compression into account.
Sunshine 12.07.2014 20:31
The current security/intelligence services are a vile stain on the memories and sacrifices
of those who fought and died in the hope of preserving the freedoms that this country was founded
upon and we cherish(ed) in our hearts.
It's the height of irony....you want to pull out all the stops to defend our country and way
of life by destroying it....
Remember, the greatest trick the devil ever pulled was convincing the world he did not exist.....we
did not know (for sure) the devil was walking amongst, and destroying our way of life, until Snowden,
Drake and Binney opened our eyes and minds.....
Otto Moser 12.07.2014 19:31
SUPER !
So that Austrian radio comedian, who phoned the US Embassy, asking for a back-up of his daughter's
birthday party video, because he claimed to have inadvertently deleted it, was absolutely within
reality !
Naturally, the Embassy was not amused !
Fábio O. Ribeiro 12.07.2014 14:47
iPhone deserves a new name: iNSAmike. Ha, ha, ha... I will not have one.
Emmett 12.07.2014 14:23
NSA is doing what Hoover did as the long time US FBI director. He spied on and blackmailed
US presidents and other politicians so they could never oust and with all the dirt he had on those
politicians masquerading as pillars of the community he forced them to do what he wanted them
to do.
We see proof on a massive scale the NSA uses the Hoover blueprint to blackmail politicians but
have taken it a step further with technology to gather information on even more people.
Kenneth T. Tellis 12.07.2014 12:35
What the NSA is now doing, was what the U.S. government accused the Soviets of doing. If that
be the case how is it legal? Which means that Obama Regime is in violation of both the U.S. Constitution
and Civil Rights. No nation can ever trust the good intentions of the present U.S. government.
So much for Democracy in America, an absolute FARCE!
The German publication Der Spiegel has revealed new details about a secretive hacking unit inside the National Security Agency called
the Office of Tailored Access Operations, or TAO. The unit was created in 1997 to hack into global
communications traffic. Hackers inside the TAO have developed a way to break into computers running
Microsoft Windows by gaining passive access to machines when users report program crashes to Microsoft.
In addition, with help from the CIA and FBI, the NSA has the ability to intercept computers and other
electronic accessories purchased online in order to secretly insert spyware and components that can
provide backdoor access for the intelligence agencies. American Civil Liberties Union Deputy Legal
Director Jameel Jaffer and journalist Glenn Greenwald join Democracy Now! to discuss the latest revelations,
along with the future of Edward Snowden.
Glenn Greenwald:
"I think everybody knows by now, or at least I hope they do after the last seven months reporting,
that the goal of the NSA really is the elimination of privacy worldwide-not hyperbole, not metaphor,
that's literally their goal, is to make sure that all human communications that take place electronically
are collected and then stored by the NSA and susceptible to being monitored and analyzed. But
the specifics are still really important to illustrate just the scope and invasiveness and the
dangers presented by this secret surveillance system.
And what the Der Spiegel article details is that one of the things that the NSA is
really adept at doing is implanting in various machines-computers, laptops, even cellphones and
the like-malware. And malware is essentially a program that allows the NSA, in the terminology
that hackers use, to own the machine. So, no matter how much encryption you use, no matter how
much you safeguard your communication with passwords and other things, this malware allows the
NSA to literally watch every keystroke that you make, to get screen captures of what it is that
you're doing, to circumvent all forms of encryption and other barriers to your communications."
AMY GOODMAN: So, I mean, just to be really specific, you order a computer, and it's coming
UPS, or it's coming FedEx, and they have it redirected to their own-you know, to the NSA, and they
put in the malware, the spyware, and then send it on to you?
GLENN GREENWALD: Correct. That's what the Der Spiegel report indicates, based on the documents
that they've published. But we've actually been working, ourselves, on certain stories that should
be published soon regarding similar interdiction efforts.
And one of the things that I think is so amazing about this, Amy, is that the U.S. government
has spent the last three or four years shrilly, vehemently warning the world that Chinese technology
companies are unsafe to purchase products from, because they claim the Chinese government interdicts
these products and installs surveillance, backdoors and other forms of malware onto the machinery
so that when you get them, immediately your privacy is compromised. And they've actually driven
Chinese firms out of the U.S. market and elsewhere with these kinds of accusations. Congress
has convened committees to issue reports making these kind of accusations about Chinese companies.
And yet, at the same time, the NSA is doing exactly that which they accuse these Chinese companies
of doing. And there's a real question, which is: Are these warnings designed to steer people away
from purchasing Chinese products into the arms of the American industry so that the NSA's ability
to implant these devices becomes even greater, since now everybody is buying American products out
of fear that they can no longer buy Chinese products because this will happen to them?
... ... ...
AMY GOODMAN: Let's get back to Glenn Greenwald. Glenn, I just read the first couple of
paragraphs of the piece in Der Spiegel about the garage doors that wouldn't open because the garage
door openers were actually operating on the same frequency of the NSA, which was really vastly expanding
in San Antonio at the time. But could you take it from there? The significance of this and this Tailored
Access Operations, this particular unit, and how significant it is?
GLENN GREENWALD: Yeah, one thing I think that it underscores, this was in a community that
had no idea that there was this gargantuan NSA hacking unit that had sprawled up in its community,
and it shows just the power of how much they're doing, that they just simply shut down the electric
devices of an entire community that didn't know that they were even there.
But the TAO, the Tailored Access Operations unit, is really remarkable because the government, the
U.S. government, has been warning for many years now about the dangers of hackers, both stateless
hackers as well as state-sponsored hackers from China and from Iran and from elsewhere. And the
reality is that nobody is as advanced or as prolific when it comes into hacking into computer networks,
into computer systems, than the NSA. And TAO is basically a unit that is designed to cultivate
the most advanced hacking operations and skills of any unit, any entity on the Earth. And so, yet
again, what we find is that exactly the dangers about which the U.S. government is shrilly warning
when it comes to other people, they're actually doing themselves to a much greater and more menacing
degree than anybody else is. And that's the significance of this particular unit inside of the
NSA, is they do all of the most malicious hacking techniques that hackers who have been prosecuted
by this very same government do and much, much more.
It's logical to assume that similar capabilities exist for Android, possibly co-developed with Google...
In other words, a smartphone is nothing but a gateway for perusing everyone's "private" data at will.
Following up on the latest stunning revelations released yesterday by the German magazine Der Spiegel,
which exposed the spy agency's 50-page catalog of "backdoor penetration techniques", today during a speech
given by Jacob Applebaum (@ioerror) at the 30th Chaos Communication Congress, a new bombshell emerged:
specifically the complete and detailed description of how
the NSA bugs, remotely, your iPhone. The way the NSA accomplishes this is using software
known as Dropout Jeep, which it describes as follows: "DROPOUT JEEP is a software implant
for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality.
This functionality includes the ability to remotely push/pull files from the device.
SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower
location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data
connection. All communications with the implant will be covert and encrypted."
The flowchart of how the NSA makes your iPhone its iPhone is presented below:
NSA ROC operator
Load specified module
Send data request
iPhone accepts request
Retrieves required SIGINT data
Encrypt and send exfil data
Rinse repeat
And visually:
What is perhaps just as disturbing is the following rhetorical sequence from Applebaum:
"Do you think Apple helped them build that? I don't know. I hope Apple will clarify that. Here's
the problem: I don't really believe that Apple didn't help them, I can't really
prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed
for implantation. Either they have a huge collection of exploits that work against Apple products,
meaning that they are hoarding information about critical systems that American companies produce
and sabotaging them, or Apple sabotaged it themselves. Not sure which one it
is. I'd like to believe that since Apple didn't join the PRISM program until after
Steve Jobs died, that maybe it's just that they write shitty software. We know
that's true."
Or, Apple's software is hardly "shitty" even if it seems like that to the vast majority of experts
(kinda like the Fed's various programs), and in fact it achieves precisely what it is meant to achieve.
How ironic would it be if Blackberry, left for dead by virtually everyone, began marketing its
products as the only smartphone that does not allow the NSA access to one's data
(and did so accordingly). Since pretty much everything else it has tried has failed, we don't see
the downside to this Hail Mary attempt to strike back at Big Brother and maybe make some money, by
doing the right thing for once.
We urge readers to watch the full one hour speech by Jacob Applebaum to realize just how massive
Big Brother truly is, but those who want to just listen to the section on Apple can do so beginning
44 minutes 30 seconds in the presentation below.
fuu:
"This functionality includes the ability to remotely push/pull files from the device."
Super handy for:
Planting kiddie porn on a phone.
Planting images of pressure cookers on a phone.
Planting contact lists on a phone.
Planting calendar events on a phone.
Planting internet history on a phone.
Planting GPS history on a phone.
Bad Attitude
Very good points. I hope criminal defense attorneys are paying attention. Evidence collected
from phones or computers cannot be trusted.
Forward (over the cliff).
DaveyJones
Great comment. And the best example of how "modern technology" is a blessing and a curse. A
despot's wet dream to track everywhere you go, everything you say, and when you say something
wrong, to correct your "criminal record"
It's a nightmare
Dave Thomas
Remember that pesky national ID card they kept talking about 2005~2008? Guess we don't need
one now lol.
sleigher
It is just complete and total own! That is all... They have to survive across reboots/rebuilds
and access "new" deployments. Can't do that with just the software.
I just like the sound of the thousands of voices screaming out from the conspiratard websites
across the planet for total vindication. I have read about hacks like these for years and seen
many shoot them down about tin foil hats and all that nonsense.
Just wait til we hear about the built in radios in all modern CPUs that can be activated by
satellite. Then will people get mad? No...
tip e. canoe
BUT BUT BUT, if BB is compromised, that would mean that all the Truly Useful Idiots that have
been using BB phones thinking they were secure are compromised too!!! that would mean the entire
System could be manipulated by anyone who has access to that closet full of dirty secrets!!!
Holy Spitzer, Batman!!!
NoDebt
I've always assumed my cell phone was an open book to government agencies just like
I've always assumed that Social Security won't be there for me when I retire.
The only thing left in both cases is the proof.
In the cell phone/computer tracking stuff... we'll know soon enough. It's heading to the Supreme
Court where Roberts will likely be the deciding vote, as he was on Obamacare. Then we won't have
to argue whether it's Constitutional or not. It will be deemed Constitutional, with few if any
limits, and that will be the end of the discussion.
A top download from Google Play, the main Android marketplace, is spyware...
December 06, 2013
Soulskill
chicksdaddy writes "The Federal Trade Commission announced on Thursday that it settled with
the maker of 'Brightest Flashlight Free,' a popular Android mobile application, over charges that
the company used deceptive advertising to collect location and device information from Android
owners.
Statistics from the site indicate that it has been downloaded more than one million times
with an overall rating of 4.8 out of 5 stars.
The application, which is available for free, displays mobile advertisements on the devices
it is installed on.
However, the device also harvested a wide range of data from Android phones which was shared
with advertisers, including what the FTC describes as 'precise geolocation along with persistent
device identifiers.'
As part of the settlement with the FTC, Goldenshores is ordered to
change its advertisements and in-app disclosures to make explicit any collection of geolocation
information, how it is or may be used, the reason for collecting location information and which
third parties that data is shared with."
A research paper from the University of Cambridge has outlined how PIN numbers used on smartphones
can be recorded by hijacking the device's camera and microphones.
The news is especially worrying as the rise of mobile banking means that PIN numbers entered
into smartphones are often used to secure more than just the phone's basic functionality.
The researchers, Laurent Simon and Ross Anderson, used a custom piece of software called
PIN Skimmer to grab the PIN numbers. This program hijacks phones' microphones to detect when you
tap the touchscreen and then syncs this with data from the camera to work out where on the screen
you pressed.
For example, when right-handed individuals press a button in the top left hand corner of
their phone's screen they often tilt the phone towards their thumb with their supporting fingers.
This changes the position of the user's face as recorded by the front-facing camera, giving the program
a unique marker that corresponds with a number on screen.
The research was carried out on a pair of Android-powered smartphones, a Nexus S and Galaxy S3,
and under test conditions PIN Skimmer was able to work out more than 50 per cent of four digit PIN
numbers after five attempts and 60 per cent of eight digit numbers after ten attempts.
One step in the malware's process even presents users with a game where they have to match
pairs of icons that appear onscreen. The program can record data from the camera during the game
and then use this as a reference guide, matching how the user appears in the camera to where they've
touched the screen.
The researchers suggested methods of obstructing the malware, but noted that randomising
the order in which numbers appear on an onscreen keypad would "cripple usability" whilst employing
longer PIN number would affect "memorability and usability".
More "drastic" solutions included getting rid of passwords altogether in favour of face
recognition or fingerprint scanners, although neither of these methods are yet common.
"If you're developing payment apps [for mobiles], you'd better be aware that these risks
exist," Professor Anderson told the BBC.
Xunlei - a BitTorrent service primarily used in China and backed by Google - was caught spreading
malware to both Windows PCs and Android devices
A Google-backed file sharing service has been discovered spreading malware to thousands of Windows
and Android users.
An investigation by security company Eset has revealed that Xunlei has been
spreading malware named "Win32/Kankan" to Windows and Android users, signed with the company's security
certificate.
"The company officially admitted during a press conference that some of its employees have used
company resources to create and distribute this program. The degree to which Xunlei Networking Technologies
is implicated is hard to tell from the outside," said Joan Calvet from Eset in a blog post.
The Xunlei software is very popular in China and accounts for about 30% of the world's BitTorrent users,
making it the most used BitTorrent client for the service, which allows peer-to-peer file sharing.
The BitTorrent protocol breaks each file to be shared into small chunks and sends them across the
internet between computers. Parts of the complete file can be hosted on many different computers,
and the whole reconstructed by pulling the parts from different machines.
Effectively evading detection
It is unclear how the malware, which was specifically programmed to avoid detection by security
software and analysts, was initially spread.
A "dropper" program named "INPEnhSetup.exe" posed as a Windows installer, which once activated
contacted a server across the internet – a domain owned and operated by Xunlei - and "dropped" or
installed three further malicious programs onto the system.
One of the programs, a plugin for the Microsoft Office applications Word, Excel and PowerPoint,
then installed itself within the Windows Registry, ensuring that it was loaded every time an Office
application is run.
When run, the Office plugin scanned the computer for analysis tools such as the Windows task manager,
and quickly shut down if one was found running on the system, effectively evading detection by the
computer user or a security analyst.
If the program failed to detect any running computer analysis tools, it began sending user information
such as the version of Windows being used to a remote server.
The malware also included an updater that automatically checked a server for new versions of the
programs, installing updates when they became available.
Another application installed alongside the Office plugin silently installed applications onto
Android phones that were connected to the infected computer.
Using the USB connection, the "installphoneapp" installed applications, including three separate
Chinese app stores, and a phone call app that claimed to offer cheap phone calls.
Chinese Android programs installed by the malicious applications. Photograph: Eset
"Overall, the motivation behind the installation of these particular mobile applications remains
unknown," said Calvet.
The applications were only installed if the Android phone connected had a security setting disabled,
which enables developer actions over USB on the phone – something often required for Android software
modifications and operating system customisation, as well as by certain Android backup programs.
"We've seen desktop malware attempt to install Android malware before, but not through the application
of Android's ADB. Pushing it to Android phones like that is novel," said Rik Ferguson, vice president
of security research at Trend Micro.
A lot of mobile malware is specific to China
The focus on China meant that the risk of the Trojan spreading was low, according to Ferguson.
"Of course, the risk of Android malware infection is massively increased by rooting, which this
malware example partly targeted, because you are specifically disabling crucial built-in security
services," he said.
More rooted phones exist in China, mainly due to the restrictions on apps and services, which
require users to circumvent blocks to get access to many of the applications freely available in
the UK and the US.
"We see a lot of mobile malware that is specific to China, like a lot of other malware," explained
Ferguson. "For example, we see malware targeted at stealing virtual goods in gaming environments
only in China."
According to data collected by Trend Micro, there are 1.15m malicious or high-risk Android apps
currently circulating as of 12 October, which is significantly higher than estimates based on malware
growth seen in 2012, showing that the problem is increasing dramatically.
Pushing the installer out to infected machines
It remains unclear whether Xunlei's BitTorrent client was used to spread the malware. Since August,
Xunlei made available an uninstaller application, which users could download and remove the problem
manually.
Using the company owned and operated servers, which the malware automatically contacted, Xunlei
also pushed out the installer to infected machines.
The daily number of infections has dropped dramatically, according to data from Eset.
According to Eset's data, the daily number of infections has dropped significantly since Xunlei's
remedial actions.
Russian anti-virus company Doctor Web is warning users about a new Trojan
for Android that is stealing confidential information from South Korean users.
It is similar to other Trojans for Android, but unlike other malignant programs with
a comparable payload, it exploits an Android vulnerability to bypass anti-virus scanning, which significantly
increases the potential risk for Android device owners. Currently, the program's main home turf is
South Korea; however, its future modifications will likely spread to other countries.
The new Trojan, dubbed by Dr.Web as Android.Spy.40.origin, is spread by means of unwanted SMS messages
containing a link to an apk file. Among cybercriminals in Southeast Asia (mainly South Korea and Japan),
it is currently one of the most popular techniques for spreading Android malware. Once Android.Spy.40.origin
is installed and launched, it requests access to OS administrative features, removes its icon from
the main screen, and covertly maintains its operation in the system.
Then the Trojan connects to a remote server from which it receives further instructions. In particular,
Android.Spy.40.origin can perform the following tasks:
Intercept inbound short messages and upload them to the server (messages are hidden from the
user).
Block outgoing calls.
Send a list of contacts or installed applications to the server.
Remove or install the application specified in the received command.
Send a message with a defined text to a specified number.
This malicious program can pose a severe threat because it intercepts messages that may contain
confidential information, personal and business correspondence, bank account information and mTAN-codes
used to verify transactions. In addition, the contacts list acquired by cybercriminals can then be
used to send bulks of SMS spam and mount phishing attacks.
However, Android.Spy.40.origin's principal distinguishing feature is its ability to exploit an Android
vulnerability to avoid detection by anti-viruses. To conceal the malware, the attackers modified the
Trojan's apk file (an apk file is a standard zip archive with a different extension).
According to the zip file format specification, the header of each compressed file within the archive
includes a 'General purpose bit flag' field. Bit 0 of this field indicates whether the file is encrypted
(password protected). In other words, when this bit is set to 1 the file must be treated as encrypted,
even if no password was actually applied.
As you can see in the picture above, under normal circumstances a password prompt is displayed when
one tries to unpack such a zip file, but due to a flaw in Android bit 0 is ignored, which allows the
program to be installed. In contrast with the vulnerable operating system, anti-virus programs that
correctly handle the 'General purpose bit flag' field assume that the file is password-protected and
therefore not in need of scanning, even if a definition for the malicious file contained in the apk
package is already in the virus database.
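To make the evasion concrete from the scanner's side, here is an added example (not Dr.Web's code, and not part of the original article) that builds a constructed two-entry zip standing in for an APK, sets bit 0 of the general purpose bit flag on every entry without encrypting anything, and then shows both behaviours: a spec-compliant reader (Python's zipfile) refuses to extract the entry without a password, while a scanner that distrusts the flag inflates the raw stream anyway and recovers the plaintext it should be scanning. The sample file names and contents are constructed for illustration only.

```python
import io
import struct
import zipfile
import zlib

# Bit 0 of the zip "general purpose bit flag" marks an entry as encrypted. The
# field sits at offset 6 of a local file header and offset 8 of a central
# directory entry (both fixed by the zip specification).
ENCRYPTED_FLAG = 0x0001

LOCAL_HEADER = "<4sHHHHHIIIHH"   # 30-byte local file header layout


def build_sample_apk() -> bytes:
    """Constructed sample: a tiny zip standing in for an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='example.test'/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    return buf.getvalue()


def set_encrypted_flag(archive: bytes) -> bytes:
    """Set bit 0 on every local header and central-directory entry without
    encrypting anything: this reproduces the evasion the article describes."""
    data = bytearray(archive)
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(signature)
        while pos != -1:
            flags = struct.unpack_from("<H", data, pos + flag_offset)[0]
            struct.pack_into("<H", data, pos + flag_offset, flags | ENCRYPTED_FLAG)
            pos = data.find(signature, pos + 4)
    return bytes(data)


def read_raw_entry(archive: bytes, info: zipfile.ZipInfo) -> bytes:
    """Return the compressed bytes of one entry, located via its local header."""
    fields = struct.unpack_from(LOCAL_HEADER, archive, info.header_offset)
    name_len, extra_len = fields[9], fields[10]
    start = info.header_offset + struct.calcsize(LOCAL_HEADER) + name_len + extra_len
    return archive[start:start + info.compress_size]


def standard_reader_refuses(archive: bytes, name: str) -> bool:
    """A spec-compliant reader treats a flagged entry as encrypted and will not
    extract it without a password; a scanner that trusts the flag therefore
    never sees the payload."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        try:
            zf.read(name)
            return False
        except RuntimeError:
            return True


def scan_for_fake_encryption(archive: bytes) -> dict:
    """Map each entry flagged as encrypted to (verdict, plaintext).

    Instead of trusting bit 0, the raw stream is inflated anyway and checked
    against the stored CRC. If it decompresses cleanly, the flag is a lie and
    the plaintext must still be scanned; if not, the entry is really encrypted."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & ENCRYPTED_FLAG:
                continue
            raw = read_raw_entry(archive, info)
            try:
                if info.compress_type == zipfile.ZIP_DEFLATED:
                    plain = zlib.decompress(raw, -zlib.MAX_WBITS)
                else:
                    plain = raw
                if zlib.crc32(plain) & 0xFFFFFFFF != info.CRC:
                    raise zlib.error("crc mismatch")
                results[info.filename] = ("flag set but data is readable", plain)
            except zlib.error:
                results[info.filename] = ("genuinely encrypted", b"")
    return results


if __name__ == "__main__":
    sample = set_encrypted_flag(build_sample_apk())
    print("zipfile refuses to extract:", standard_reader_refuses(sample, "classes.dex"))
    for name, (verdict, plain) in scan_for_fake_encryption(sample).items():
        print(f"{name}: {verdict} ({len(plain)} bytes recovered)")
```

The design point is the one the article makes: the installer ignored bit 0, so the only safe policy for a scanner is to do the same and decide from the bytes rather than from a flag the attacker controls. The CRC comparison is what separates a falsely flagged entry from a genuinely encrypted one, since traditional zip encryption produces data that will not inflate to the stored checksum.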
Doctor Web's engineers promptly made adjustments to its Dr.Web for Android anti-virus so that
it successfully detects malware that makes use of the exploit described above. However, Android users
are strongly recommended to exercise caution and refrain from installing suspicious applications
and clicking on links in unwanted SMS messages.
Android 4.2 marks the launch of a powerful new security system built right into the platform.
The key component is a real-time app scanning service that instantly checks apps put on your device
for any malicious or potentially harmful code.
The feature is an extension of the security technology Google introduced for the Play Store this past
February. While that technology worked exclusively on the server side, analyzing apps that were uploaded
to the Play Store, the new system works with your device and scans any apps you install from third-party
sources (a process known as "sideloading").
"We view security as a universal thing," Android VP of Engineering Hiroshi Lockheimer tells me.
"Assuming the user wants this additional insurance policy, we felt like we shouldn't exclude one
source over another."
Following typical Google fashion, the new scanning service is completely opt-in: The first time you install
an app from a source other than the Play Store -- including a third-party app market like Amazon's
app store -- Android pops up a box asking if you want such applications to be checked for "harmful
behavior." (There's also a checkbox in the "Security" section of the 4.2 system settings that lets
you turn the service on or off at any point.)
Initial confirmation aside, everything with the new security system
happens seamlessly and almost instantaneously behind the scenes. Whenever you sideload an app, your
phone sends identifying information about the program to Google's servers. Google's servers then
analyze the info and compare it with the company's database of known applications.
"We have a catalog of 700,000 applications in the Play Store, and
beyond that, we're always scanning stuff on the Web in terms of APKs that are appearing," Lockheimer
says. "We have a pretty good understanding of the app ecosystem now, whether something's in the Play
Store or not."
If Google's servers recognize the app as a known safe program, your
installation will continue uninterrupted. If it matches it to an app that's known to be dangerous,
meanwhile -- a designation Lockheimer says is extremely rare for the platform -- the system will
prevent you from installing it. And if the app raises some red flags but no definite evidence of
harm, the system will alert you of the situation and let you decide whether you want to proceed.
All of that happens in a split second. I tried sideloading some apps onto my Nexus 4 review unit, and
following the initial opt-in confirmation, I couldn't detect any noticeable
delay in the process compared to what happens on pre-4.2 devices.
"The server does all the hard work," Lockheimer explains. "The device
sends only a signature of the APK so that the server can identify it rapidly."
(Incidentally, Lockheimer tells me the new functionality is not related to Google's recent acquisition
of VirusTotal, a startup focused on online malware scanning; rather, it's based completely on the
app-scanning technology announced for the Play Store back in February.)
Accompanying the system is a new and improved app permissions screen
-- the screen that shows up anytime you install an app from outside of the Play Store. The new Android
4.2-level screen is cleaned up and far easier to read than what we've seen in the past.
And last but not least, Android 4.2 has an added behind-the-scenes
feature that alerts you anytime an app attempts to send a text message that could cost you money.
If an app tries to send an SMS to a known fee-collecting short code -- a number that'd automatically
bill your carrier when it receives a message -- the system jumps in and alerts you to the action.
You can then opt to allow or deny the process.
If I have understood correctly, Android 4.2 introduced SELinux enabled by default in the kernel.
Am I right? Is there any way to disable it?
Some of the apps might not work correctly.
E.g., using the mount command system-wide stopped working.
Is there any way to disable it? I checked on a VZW Galaxy Nexus - build JDQ39 - I am not sure what
the Linux version is - either SELinux or Linux.
What is the benefit of using SELinux vs. Linux on an Android device?
A:
No, it isn't enabled by default. There really isn't such a thing as enabled by default on Android,
each handset manufacturer sets the configuration and makes modifications when they make a new
device. Even if AOSP had it enabled by default in their kernels (which it doesn't) manufacturers
would have to enable it in their kernels.
SELinux is Linux, with mandatory access controls. Please read up on SELinux.
Even devices that will ship with SE Android (SELinux + Android middleware MAC) soon (e.g.,
the Galaxy S IV) have it in permissive mode by default. You'd need an MDM client to set it to enforcing.
It is possible to bypass the mount issue.
The trick is to use adb on the device itself to connect locally to the device and issue the
mount command through that. When running in adb you seem to get out of whatever jail prevents
mount from working in apps. I don't think it's SELinux related, it seems to have something to
do with multiuser security and apparently lives mostly in the Android APIs rather than at the
kernel level (console apps should access the mounts fine).
With 4.2.2 it's a bit harder as you now need a key setup for adb.
Have a look here, it's for the Nexus 10 but the basic principles should work on anything.
Cybercriminals have adopted a commercially available DIY Android application decompiler/injector developed
to work exclusively with a publicly obtainable Android-based trojan horse. Security expert Dancho
Danchev explains in a recent post how it is possible to manage Android botnets: using commercially
available tools, a pre-configured Android trojan client can be injected into any application.
The malware can be distributed in various ways depending on the attacker: the botmaster could spread
it using compromised Web servers or through DIY Google Dorks-based hacking tools, "and instead of
monetizing the traffic by serving client-side exploits, they can filter and redirect all the mobile
device traffic to a fraudulent/malicious Android application."
The offer is also attractive because of its low price: only $37 for the injector tool. The following
image shows a few screenshots of the application in action.
Apparently the Android trojan was designed by a group of four students for a university project
and has all the features typical of this category of malware. Fortunately the malware has a hardcoded
reference to a centralized C&C infrastructure, which makes it easy to trace and take down. The malware
uses no-ip.org as a dynamic DNS service to address its control infrastructure.
It can be activated via phone call or SMS and, according to the post, has the following features:
the capacity to steal an affected user's entire address book including all the relevant
contact information
get the incoming/outgoing calls history
get all the messages (SMS/MMS)
network/GPS based location tracking
real-time monitoring of incoming calls or messages
the ability to make a phone call/send messages with the user's Caller ID
activate the device's microphone
initiate outgoing video streams
visit any given URL
forced vibration of the device
An interesting phenomenon observed by security researchers in the cybercriminal ecosystem is that
criminals are showing an increasing interest in buying verified Google Play accounts: by exploiting
the accounts' reputation, they can distribute Android bots to users who trust or recommend a particular
developer.
The mobile malware black market is still not well developed for now, because cybercriminals mostly
attack mobile platforms directly instead of selling exploit toolkits and mobile malware. Andrey
Komarov from security firm Group-IB told me in a previous interview that the key properties of mobile
malware for cybercrime are:
Use of well-known brands, including the graphical design of famous applications or legal entities
(financial institutions, e-commerce, stock/e-trading applications, applications for social networking,
etc.);
The need to send SMS or make phone calls to other numbers (sometimes this is done silently
after the mobile malware is installed on the system);
65% of installations – only on "jailbreaked" devices, 20% – through low verification of applications,
15% – through wireless channels (NFC, WPAN networks).
Security experts are sure that we will witness an explosion in the diffusion of mobile malicious
infrastructures, and in particular of Android botnets; we must be prepared.
A dangerous Trojan that targets Google's Android mobile operating system has gained new nefarious
capabilities even as a new banking malware takes aim at the OS, according to security researchers.
Kaspersky Lab reported that mobile botnets are being used to distribute the Obad.a Trojan, which
can gain administrative rights on an Android device -- allowing its masters to do pretty much anything
they want with a handset.
Meanwhile, Eset revealed that a bad app it discovered earlier this month -- Hesperbot -- is actually
a mobile banking Trojan along the lines of Zeus and SpyEye, but with significant implementation differences
that make it a new malware family.
The Obad.a Trojan has been closely watched by Kaspersky since the beginning of the summer, but it
wasn't until recently that researchers uncovered the unusual distribution method its handlers have
been deploying. "For the first time, malware is being distributed using botnets that were created
using completely different mobile malware," Kaspersky researcher Roman Unuchek wrote in a blog.
Such distribution techniques are common in the desktop world, but their arrival in the mobile
space is another indicator that Android is becoming the mobile equivalent of Windows for hackers.
"This approach, like other aspects of the Obad operation, mimics what we've been seeing in the
desktop ecosystem," Roel Schouwenberg, a senior researcher at Kaspersky, said in an email.
"In the Windows and Linux world, it's very common for malware and botnets to install other types
of malware for pay," he added. "So it's likely that we'll see further adoption of this strategy in
the mobile space as well."
Handsets are initially infected with the botnet software SMS.AndroidOS.Opfake.a through a poisoned
link in an SMS message.
The link promises to deliver a new MMS message to the target. If clicked, the botware will be
downloaded and the target asked to run it. If the target complies, SMS messages with the same MMS
pitch will be sent to everyone on the target's contact list. In addition, the botware will download
Obad.a, which sets up a backdoor on the handset that allows a botmaster to remotely control the device.
Other more conventional means are also used to distribute Obad.a, including SMS spam, links to
fake Google Play stores and redirection from poisoned websites.
That kind of multi-vector infection strategy isn't common yet in the mobile world. "Right now,
Obad is setting a new standard," Schouwenberg said. "We're still quite a bit away from multiple infection
vectors being the norm rather than the exception."
Up to now, Obad.a activity has been directed at populations in the states of the old Soviet Union,
although there has been some spillover into other countries. "For now, other countries are not where
the attackers' focus seems to be," Schouwenberg said.
Hesperbot also appears to have a limited geographic distribution -- primarily Turkey and the Czech
Republic. However, the campaign may expand. "It's quite likely we'll see more instances of this
as time goes by," Eset Security Evangelist Stephen Cobb said in an interview. "I would expect we'll
see more attacks in more countries."
Hesperbot is spread by luring targets to an infected website with a poisoned link embedded in
an email or SMS message. The Czech scam sent targets to a website closely modeled on the landing
page of the country's postal service.
"The aim of the attackers is to obtain login credentials giving access to the victim's bank account
and to get them to install a mobile component of the malware on their Symbian, Blackberry or Android
phone," Eset researcher Robert Lipovsky wrote in a
blog.
He described Hesperbot as a very potent banking Trojan with features such as keystroke logging,
creation of screenshots and video capture, setting up a remote proxy, creating a hidden VNC server
on an infected system, intercepting network traffic and HTML injection.
Other banking Trojans, like Zeus and SpyEye, perform those functions, too; what sets Hesperbot
apart is its use of new code to do those tasks. "It's not made with SpyEye or Zeus code," Cobb
said. "That might sound like a technical distinction, but the fact that someone went to the
trouble to write a brand-new banking Trojan is indicative of the appeal that remains for the software."
That appeal will likely grow. "As more mobile capabilities are rolled out and mobile payments
become more widespread and ubiquitous, malware is going to follow," said George Tubin, senior security
strategist at Trusteer, an IBM company. "We're right at the beginning of it now."
He explained that improved security measures at larger banks have been driving cyber robbers downstream
to mid- and small-sized banks. "Now, they'll also be moving into the mobile channel, because banks
haven't deployed very sophisticated fraud detection technologies there yet," Tubin said.
Nevertheless, mobile infections can be avoided if a user is willing to avoid high-risk behavior.
"They're not going to get infected if they stick to downloading apps from Google Play or their employer's
app store," Randy Abrams, a research director at NSS Labs, said in an interview.
"There have been exceptions, and Google has allowed infected apps into their store," he continued,
"but the majority of apps on Google Play are going to be very safe -- as long as you don't consider
compromising your privacy a safety issue."
Congratulations: in addition to all our other troubles, advertisement networks can now be used as a
hidden channel for installing spyware. In other words, adware provides a channel for installing malware.
Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network
to siphon money from their victims.
The new method represents another step in the evolution of mobile malware, which is booming with
more smartphones shipping than PCs. Mobile ad networks open up the perfect backdoor for downloading
code.
"It's a very, very clean infection vector," said Wade Williamson, a senior security analyst at
Palo Alto Networks who discovered the new trickery.
In legitimate partnerships between ad distributors and developers, the latter embeds the former's
software development kit (SDK) into the app, so it can download and track ads in order to split revenue.
Unfortunately, how well developers vet the ad networks they side with varies from one app maker
to another. If the developer does not care, or simply goes with the highest bidder, then the chances
of siding with a malicious ad network are high.
Williamson found one such network's SDK embedded in legitimate apps provided through online Android
stores across Asian countries, such as Malaysia, Taiwan and China. Once installed, the SDK pulls
down an Android application package file (APK) and runs it in memory, where the user cannot easily
discover it.
The APK typically waits until another app is being installed before triggering a popup window
that seeks permission to access Android's SMS service.
"It doesn't have to go through the whole process of doing a full install," Williamson said. "It
just sits there and waits on the smartphone to install something else and then piggybacks in."
Once installed, the APK takes control of the phone's messaging service to send texts to premium
rate numbers and to download instructions from a command and control server. The majority of
Android malware today, 77 percent, wrings money from victims through paid messaging services,
according to Juniper Networks' latest mobile threat report.
Williamson has seen more than a half dozen samples of the latest malware, which he believes is
coming from one criminal group, while acknowledging that multiple groups may be involved.
Android users in Asia and Russia are more susceptible to Android malware, because many apps are
downloaded from independent online stores. In the U.S., most Android users take apps from the Google
Play store, which scans for malware and malicious ad networks.
Because of the effectiveness of the latest malware, Williamson expects criminals in the future
to use the same scheme to download more insidious malware capable of stealing credentials to online
banking and retail sites where credit card numbers are stored.
The same pathway could also be used to steal credentials for entering corporate networks.
"As soon as you have a vector like this, the difference between creating malware that sends spoof
SMS messages versus looks for the network and tries to break in is just malware functionality," Williamson
said.
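The two abuse patterns described above, an app that takes over the SMS service to send premium-rate texts and one (Obad.a) that obtains device administrator rights, both leave traces in an APK's manifest. The triage script below is an added example, not code from Palo Alto Networks, Juniper or Kaspersky; the two sample manifests, their package names and the finding codes are constructed for illustration, while the permission and intent action names are Android's own.

```python
"""Triage an AndroidManifest.xml for the SMS-fraud and device-admin patterns.

Added example: the manifests below are constructed; the permission and
intent action names are the real Android identifiers.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_PERMISSION = f"{{{ANDROID_NS}}}permission"
A_PRIORITY = f"{{{ANDROID_NS}}}priority"

SEND_SMS = "android.permission.SEND_SMS"
RECEIVE_SMS = "android.permission.RECEIVE_SMS"
BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed: what a "free game" repackaged with an SMS-fraud payload might declare.
SUSPICIOUS_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Free Game">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed: a game that only needs network access.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plaingame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Plain Game"/>
</manifest>
"""


def triage_manifest(xml_text, min_priority=1000):
    """Return a list of (code, detail) findings for the given manifest text."""
    root = ET.fromstring(xml_text)
    findings = []

    # Permission-level checks: the fraud primitive is the ability to send SMS.
    perms = {p.get(A_NAME) for p in root.iter("uses-permission")}
    if SEND_SMS in perms:
        findings.append(("SEND_SMS",
                         "app can send text messages, the premium-rate fraud primitive"))
    if {SEND_SMS, RECEIVE_SMS} <= perms:
        findings.append(("SEND_AND_RECEIVE_SMS",
                         "app can both send texts and read replies such as carrier confirmations"))

    # Component-level checks: device-admin receivers and high-priority SMS receivers.
    for receiver in root.iter("receiver"):
        name = receiver.get(A_NAME)
        if receiver.get(A_PERMISSION) == BIND_DEVICE_ADMIN:
            findings.append(("DEVICE_ADMIN",
                             f"{name} requests device administrator rights"))
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(A_NAME) for a in flt.iter("action")}
            priority = int(flt.get(A_PRIORITY, "0"))
            if SMS_RECEIVED in actions and priority >= min_priority:
                findings.append(("HIGH_PRIORITY_SMS_RECEIVER",
                                 f"{name} (priority {priority}) sees incoming SMS "
                                 "before the default messaging app"))
    return findings


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(f"{label}:")
        for code, detail in triage_manifest(manifest) or [("CLEAN", "no risky patterns found")]:
            print(f"  [{code}] {detail}")
```

On a real APK the manifest is binary XML and must first be decoded (for example with apktool or aapt) before being fed to triage_manifest.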
Microsoft Corp. (MSFT), the world's largest software company, provides intelligence agencies with
information about bugs in its popular software before it publicly releases a fix, according to two
people familiar with the process.
That information can be used to protect government computers and to access the computers of terrorists
or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have
been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software
sold to foreign governments, according to two U.S. officials. Microsoft doesn't ask and can't be
told how the government uses such tip-offs, said the officials, who asked not to be identified
because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple
agencies and are designed to give government "an early start" on risk assessment and mitigation.
In an e-mailed statement, Shaw said there are "several programs" through which such information
is passed to the government, and named two which are public, run by Microsoft and for defensive purposes.
Willing Cooperation
Some U.S. telecommunications companies willingly provide intelligence agencies with access
to facilities and data offshore that would require a judge's order if it were done in the U.S., one
of the four people said.
In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and
companies are providing the information voluntarily.
The extensive cooperation between commercial companies and intelligence agencies is legal
and reaches deeply into many aspects of everyday life, though little of it is scrutinized by
more than a small number of lawyers, company leaders and spies. Company executives are motivated
by a desire to help the national defense as well as to help their own companies, said the people,
who are familiar with the agreements.
Most of the arrangements are so sensitive that only a handful of people in a company know of them,
and they are sometimes brokered directly between chief executive officers and the heads of the U.S.'s
major spy agencies, the people familiar with those programs said.
... ... ...
Committing Officer
If necessary, a company executive, known as a "committing officer," is given documents that guarantee
immunity from civil actions resulting from the transfer of data. The companies are provided with
regular updates, which may include the broad parameters of how that information is used.
Intel Corp. (INTC)'s McAfee unit, which makes Internet security software, regularly cooperates
with the NSA, FBI and the CIA, for example, and is a valuable partner because of its broad view
of malicious Internet traffic, including espionage operations by foreign powers, according to one
of the four people, who is familiar with the arrangement.
Such a relationship would start with an approach to McAfee's chief executive, who would then clear
specific individuals to work with investigators or provide the requested data, the person said.
The public would be surprised at how much help the government seeks, the person said.
McAfee firewalls collect information on hackers who use legitimate servers to do their work, and
the company data can be used to pinpoint where attacks begin. The company also has knowledge of the
architecture of information networks worldwide, which may be useful to spy agencies who tap into
them, the person said.
McAfee's Data
McAfee (MFE)'s data and analysis doesn't include information on individuals, said Michael Fey,
the company's worldwide chief technology officer.
"We do not share any type of personal information with our government agency partners," Fey said
in an e-mailed statement. "McAfee's function is to provide security technology, education, and threat
intelligence to governments. This threat intelligence includes trending data on emerging new threats,
cyber-attack patterns and vector activity, as well as analysis on the integrity of software, system
vulnerabilities, and hacker group activity."
In exchange, leaders of companies are showered with attention and information by the agencies
to help maintain the relationship, the person said.
In other cases, companies are given quick warnings about threats that could affect their bottom
line, including serious Internet attacks and who is behind them.
... ... ...
The information provided by Snowden also exposed a secret NSA program known as Blarney. As the
program was described in the Washington Post (WPO), the agency gathers metadata on computers and
devices that are used to send e-mails or browse the Internet through principal data routes, known
as a backbone.
... ... ...
Metadata
That metadata includes which version of the operating system, browser and Java software are
being used on millions of devices around the world, information that U.S. spy agencies could
use to infiltrate those computers or phones and spy on their users.
"It's highly offensive information," said Glenn Chisholm, the former chief information officer for
Telstra Corp. (TLS), one of Australia's largest telecommunications companies, contrasting it to
defensive information used to protect computers rather than infiltrate them.
According to Snowden's information, Blarney's purpose is "to gain access and exploit foreign intelligence,"
the Post said.
It's unclear whether U.S. Internet service providers gave information to the NSA as part of Blarney,
and if so, whether the transfer of that data required a judge's order.
... ... ...
Einstein 3
U.S. telecommunications, Internet, power companies and others provide U.S. intelligence agencies
with details of their systems' architecture or equipment schematics so the agencies can analyze potential
vulnerabilities.
"It's natural behavior for governments to want to know about the country's critical infrastructure,"
said Chisholm, chief security officer at Irvine, California-based Cylance Inc.
Even strictly defensive systems can have unintended consequences for privacy. Einstein 3, a costly
program originally developed by the NSA, is meant to protect government systems from hackers. The
program, which has been made public and is being installed, will closely analyze the billions of
e-mails sent to government computers every year to see if they contain spy tools or malicious
software.
Einstein 3 could also expose the private content of the e-mails under certain circumstances, according
to a person familiar with the system, who asked not to be named because he wasn't authorized to discuss
the matter.
AT&T, Verizon
Before they agreed to install the system on their networks, some of the five major Internet companies
-- AT&T Inc. (T), Verizon Communications Inc. (VZ), Sprint Nextel Corp. (S), Level 3 Communications
Inc. (LVLT) and CenturyLink Inc. (CTL) -- asked for guarantees that they wouldn't be held liable
under U.S. wiretap laws. Those companies that asked received a letter signed by the U.S. attorney
general indicating such exposure didn't meet the legal definition of a wiretap and granting them
immunity from civil lawsuits, the person said.
"What is your computer actually DOING when you click on a link in a phishing email? Sherri
Davidoff of LMG Security released these charts of an infected computer's behavior after clicking
on a link in a Blackhole Exploit Kit phishing email. You can see the malware 'phone home' to the
attacker every 20 minutes on the dot, and download updates to evade antivirus. She then went on
to capture screenshots and videos of the hacker executing a man-in-the-browser attack against
Bank of America's web site. Quoting: 'My favorite part is when the attacker tried to steal my
debit card number, expiration date, security code, Social Security Number, date of birth, driver's
license number, and mother's maiden name – all at the same time. Nice try, dude!!'"
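The "every 20 minutes on the dot" check-in noted in the story above is exactly the kind of regularity a defender can hunt for in proxy or firewall logs. The script below is an added example, not code from LMG Security or the Slashdot post; the log format (ISO timestamp, source host, destination, bytes), the hostnames and the timestamps are constructed for illustration.

```python
"""Flag fixed-interval 'phone home' beacons in outbound connection logs.

Added example; the log format (ISO timestamp, source host, destination,
bytes) and all hostnames are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: ws-17 contacts c2.example.invalid every 20 minutes exactly,
# interleaved with irregular, ordinary browsing to other hosts.
SAMPLE_LOG = """\
2013-04-02T09:00:00 ws-17 c2.example.invalid 512
2013-04-02T09:03:12 ws-17 news.example.org 48211
2013-04-02T09:20:00 ws-17 c2.example.invalid 498
2013-04-02T09:27:45 ws-17 news.example.org 12077
2013-04-02T09:40:00 ws-17 c2.example.invalid 501
2013-04-02T09:41:09 ws-17 cdn.example.net 90311
2013-04-02T10:00:00 ws-17 c2.example.invalid 520
2013-04-02T10:20:00 ws-17 c2.example.invalid 507
2013-04-02T10:33:50 ws-17 news.example.org 9900
2013-04-02T10:40:00 ws-17 c2.example.invalid 515
"""


def parse_log(text):
    """Turn 'timestamp src dst bytes' lines into (datetime, src, dst, int) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.05):
    """Return {(src, dst): mean_interval_seconds} for flows that look like beacons.

    A flow qualifies when it has at least `min_hits` connections and the
    coefficient of variation of the gaps between them (stdev / mean) is at
    most `max_jitter`: human browsing is bursty, a timer-driven check-in is not.
    """
    stamps_by_flow = defaultdict(list)
    for ts, src, dst, _size in events:
        stamps_by_flow[(src, dst)].append(ts)

    beacons = {}
    for flow, stamps in stamps_by_flow.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:  # every hit at the same instant: a burst, not a timer
            continue
        if pstdev(gaps) / avg <= max_jitter:
            beacons[flow] = avg
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: check-in every {interval / 60:.1f} min")
```

Real malware often adds random sleep before each check-in, so on production logs raise max_jitter gradually and review what appears rather than trusting a single threshold.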
3.5 stripes
Well, you were dumb enough (Score:1, Insightful)
to click on the attachment in the first place, you've already set the bar for your intelligence
minstrelmike
Re:Well, you were dumb enough (Score:5, Insightful)
Actually, there are two different populations of phish messages going around now. One of them
surprisingly enough is full of misspellings and odd grammar in a tale about a Nigerian prince.
If folks click on that, the senders know they have a live one.
But the other phishing schemes are subtle. I think reasonably intelligent folks who skim
emails (instead of read them), especially on a tiny smart-phone/blackberry screen, are just liable
to click to someplace nasty. After all, ain't no one 100% right 100% of the time.
Synerg1y
Re: Well, you were dumb enough (Score:4, Insightful)
There's a very basic question that needs to be asked by people: why am I getting this email?
If you can't figure it out, a siren should go off in your mind as to what this could be.
I do feel bad for anybody that's been caught by this, technical ineptitude is not a valid reason
to get your money stolen, especially considering the average age of the victims (it's up there).
Kenja
Re:Nice try? (Score:4, Informative)
BofA actually has VERY good online security.
If set up right, you should be shown a picture you chose to confirm that you are on the legit
site. Then in addition to your password, you can set up a system where a six digit numeric token
is sent to your cell phone which is also needed to authenticate.
Anonymous Coward
It's Quite A Bit More Than That (Score:1)
So a link in a malicious email can compromise my Windows box and cause my web browser to navigate
to addresses in a local hosts file. Welcome back to 1997.
It's quite a bit more than that. Perhaps you should RTFA.
The infection vector does not have to come via email. It can just as easily infect via
drive-by on a web page.
No hosts file involvement is necessary.
It injects malware into the system and browser.
The malware is self updating, to stay current and evade detection.
The malware in the browser inserts itself into your normal online banking activity.
It looks 100% legitimate, except for the nature of the "security verification" questions
which are too far reaching to be real.
stewsters
Re:Most of the exploits.. (Score:5, Informative)
Don't use IE6. Don't use IE7. Don't use IE8. It's 2013. Use Chrome, Firefox, or IE 10+.
Install Chrome, open chrome://plugins/, and block automatic execution of Java and Flash. Make it so
you need to click. Install an adblocker to reduce drive-by downloads. Install NoScript + Ghostery
if you are wearing aluminum foil on your head.
Auto-install security updates. If something disables it, most likely you have a virus. Keep
everything up to date. Don't install toolbars or weather apps from unknown sources.
CAOgdin
I Fixed One Of These Recently (Score:5, Interesting)
This malware (which puts up the appearance of a credit/debit card and asks for all your information)
calls a server in the Ukraine. It was delivered by email (to a naive user) and intercepts
attempts to reach your financial institution via their website. It presents, after login
(did they capture the login info?), a panel looking like the credit/debit card, asking for the
user to fill in all information, including account number, CVC, address, and other personal information
(why anyone would fill in that data is beyond me!)
After much gnashing of teeth, I discovered it was undetectable by any known virus checker I
use (AVG, Malwarebytes, Spybot), so I had to dig deeper. It turned out that the malware was using
any references to 127.0.0.1 (local machine) for its hook. All I had to do was edit the HOSTS
file and add the domain names of the miscreant with a reference to a different IP address that
is known to be a dead end (you could, for example, use 127.7.7.7).
When the malware couldn't execute, it couldn't disable the various malware detectors, and several
files were then identified and removed.
"Sebastian Holst makes yoga mobile apps with his wife, a yoga instructor. The Mobile Yogi is sold
in all the major mobile app stores. But when someone buys his app in the Google Play store, Holst
automatically gets something he says he didn't ask for:
the buyer's full name, location and email address.
He says consumers are not aware that Google Inc. is sharing their personal information with third
parties. No other app store transmits users' personal information to third-party developers when
they buy apps, he said." Oh Google.
UltraZelda64
Hopefully this applies only when "buying" an app.
If so, then I should be safe. This kind of privacy violation is just... wrong. Google seems
to think that their customers automatically trust third parties or something... if anything, this
demonstrates that Google themselves should not be trusted.
darknexus
RE[2]: Obviously a bug by darknexus
"If it had been a certain fruit company everyone would be rioting.
Man, it's so hard to be persecuted, eh? "
Much as I hate to be defending Apple this time, the OP is absolutely correct. There's definitely
a double standard in place for Apple in the tech media, particularly though not exclusively when
compared to Google.
If Apple had been the one doing this, everyone would have been up in arms, torches lit, ready to
burn down Apple HQ and any other buildings around them just to make sure the deed was done.
When Google does it, not only do we get some people giving them the benefit of the doubt but
we even have some that claim Google are in the right to do this. If that's not a double standard,
I don't know what is. For myself, I say no app store should give
The U.S. government is developing new computer weapons and driving a black market in "zero-day"
bugs. The result could be a more dangerous Web for everyone.
Every summer, computer security experts get together in Las Vegas for Black Hat and DEFCON, conferences
that have earned notoriety for presentations demonstrating critical security holes discovered in
widely used software. But while the conferences continue to draw big crowds, regular attendees say
the bugs unveiled haven't been quite so dramatic in recent years.
One reason is that a freshly discovered weakness in a popular piece of software, known in the
trade as a "zero-day" vulnerability, can be cashed in for much more than a reputation boost and some
free drinks at the bar. Information about such flaws can command prices in the hundreds of thousands
of dollars from defense contractors, security agencies and governments. This trade in zero-day exploits
is poorly documented, but it is perhaps the most visible part of a new industry that in the years to
come is likely to swallow growing portions of the U.S. national defense budget, reshape international
relations, and perhaps make the Web less safe for everyone.
Zero-day exploits are valuable because they can be used to sneak software onto a computer system
without detection by conventional computer security measures, such as antivirus packages or firewalls.
Criminals might do that to intercept credit card numbers. An intelligence agency or military force
might steal diplomatic communications or even shut down a power plant.
It became clear that this type of assault would define a new era in warfare in 2010, when
security researchers discovered a piece of malicious software, or malware, known as Stuxnet.
Now widely believed to have been a project of U.S. and Israeli intelligence (U.S. officials have
yet to publicly acknowledge a role but have done so anonymously to the New York Times and NPR),
Stuxnet was carefully designed to infect multiple systems needed to access and control industrial
equipment used in Iran's nuclear program. The payload was clearly the work of a group with access
to government-scale resources and intelligence, but it was made possible by four zero-day exploits
for Windows that allowed it to silently infect target computers. That so many precious zero-days
were used at once was just one of Stuxnet's many striking features.
Since then, more Stuxnet-like malware has been uncovered, and it's involved even more complex
techniques (see "The Antivirus Era Is Over"). It is likely that even more have been deployed
but escaped public notice. Meanwhile, governments and companies in the United States and around
the world have begun paying more and more for the exploits needed to make such weapons work, says
Christopher Soghoian, a principal technologist at the American Civil Liberties Union.
"On the one hand the government is freaking out about cyber-security, and on the other the U.S.
is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian,
who says he has spoken with people involved in the trade and that prices range from the thousands
to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian
says, in order to sneak spy software onto suspects' computers or mobile phones.
Exploits for mobile operating systems are particularly valued, says Soghoian, because unlike desktop
computers, mobile systems are rarely updated. Apple sends updates to iPhone software a few times a
year, meaning that a given flaw could be exploited for a long time. Sometimes the discoverer of a
zero-day vulnerability receives a monthly payment as long as the flaw remains undiscovered. "As
long as Apple or Microsoft has not fixed it you get paid," says Soghoian.
No law directly regulates the sale of zero-days in the United States or elsewhere, so some traders
pursue it quite openly. A Bangkok-based security researcher who goes by the name The Grugq tweets
about acting as a middleman and has spoken to the press about negotiating deals worth hundreds of
thousands of dollars with government buyers from the United States and western Europe. In an
argument on Twitter last month, he denied that his business is equivalent to arms dealing, as
critics within and outside the computer security community have charged. "An exploit is a component
of a toolchain," he tweeted. "The team that produces & maintains the toolchain is the weapon."
Some small companies are similarly up-front about their involvement in the trade. The French security
company VUPEN states on its website that it "provides government-grade exploits specifically designed
for the Intelligence community and national security agencies to help them achieve their offensive
cyber security and lawful intercept missions."
Last year, employees of the company publicly demonstrated a zero-day flaw that compromised Google's
Chrome browser, but they turned down Google's offer of a $60,000 reward if they would share how it
worked. What happened to the exploit is unknown.
No U.S. government agency has gone on the record as saying that it buys zero-days. But U.S. defense
agencies and companies have begun to publicly acknowledge that they intend to launch as well as defend
against cyberattacks, a stance that will require new ways to penetrate enemy computers.
General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber
Command, told a symposium in Washington last October that the United States is prepared to do more
than just block computer attacks. "Part of our defense has to consider offensive measures," he said,
making him one of the most senior officials to admit that the government will make use of malware.
Earlier in 2012 the U.S. Air Force invited proposals for developing "Cyberspace Warfare Attack capabilities"
that could "destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability
to use the cyberspace domain for his advantage." And in November, Regina Dugan, the head of the Defense
Advanced Research Projects Agency, delivered another clear signal about the direction U.S. defense
technology is heading. "In the coming years we will focus an increasing portion of our cyber research
on the investigation of offensive capabilities to address military-specific needs," she said, announcing
that the agency expected to expand cyber-security research from 8 percent of its budget to 12 percent.
Defense analysts say one reason for the shift is that talking about offense introduces an element
of deterrence, an established strategy for nuclear and conventional conflicts. Up to now, U.S. politicians
and defense chiefs have talked mostly about the country's vulnerability to digital attacks. Last
fall, for example, Defense Secretary Leon Panetta warned frankly that U.S. infrastructure was being
targeted by overseas attackers and that a "digital Pearl Harbor" could result (see "U.S. Power
Grids, Water Plants a Hacking Target").
Major defense contractors are less forthcoming about their role in making software to attack enemies
of the U.S. government, but they are evidently rushing to embrace the opportunity. "It's a growing
area of the defense business at the same time that the rest of the defense business is shrinking,"
says Peter Singer, director of the 21st Century Defense Initiative at the Brookings Institution,
a Washington think tank. "They've identified two growth areas: drones and cyber."
Large contractors are hiring many people with computer security skills, and some job openings
make it clear there are opportunities to play more than just defense. Last year, Northrop Grumman
posted ads seeking people to "plan, execute and assess an Offensive Cyberspace Operation (OCO) mission,"
and many current positions at Northrop ask for "hands-on experience of offensive cyber operations."
Raytheon prefaces its ads for security-related jobs with language designed to appeal to stereotypical
computer hackers: "Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our
Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum
of offensive and defensive security technologies."
The new focus of America's military and defense contractors may concern some taxpayers. As more
public dollars are spent researching new ways to attack computer systems, some of that money will
go to people like The Grugq to discover fresh zero-day vulnerabilities. And an escalating cycle of
competition between U.S. and overseas government agencies and contractors could make the world more
dangerous for computer users everywhere.
"Every country makes weapons: unfortunately, cyberspace is like that too," says Sujeet Shenoi,
who leads the U.S.-government-sponsored Cyber Corps Program at the University of Tulsa. His program
trains students for government jobs defending against attacks, but he fears that defense contractors,
also eager to recruit these students, are pushing the idea of offense too hard. Developing powerful
malware introduces the dangerous temptation to use it, says Shenoi, who fears the consequences of
active strikes against infrastructure. "I think maybe the civilian courts ought to get together and
bar these kinds of attacks," he says.
The ease with which perpetrators of a computer attack can hide their tracks also raises the risk
that such weapons will be used, Shenoi points out. Worse, even if an attack using malware is unsuccessful,
there's a strong chance that a copy will remain somewhere on the victim's system -- by accident or design -- or
accidentally find its way onto computer systems not targeted at all, as Stuxnet did. Some security
firms have already identified criminal malware that uses methods first seen in Stuxnet (see "Stuxnet
Tricks Copied by Criminals").
"The parallel is dropping the atomic bomb but also leaflets with the design of it," says Singer.
He estimates that around 100 countries already have cyber-war units of some kind, and around 20
have formidable capabilities: "There's a lot of people playing this game."
An Android spam botnet has been discovered across all major networks that sends thousands of text
messages without a user's permission, TheNextWeb reported. The threat, which is known as SpamSoldier,
was detected on December 3rd by Lookout Security in cooperation with an unnamed carrier partner.
The malware is said to spread through a collection of infected phones that send text messages,
which usually advertise free versions of popular paid games like Grand Theft Auto and Angry Birds
Space, to hundreds of users each day.
Once a user clicks on the link to download the game, his or her phone instead downloads the malicious
app. When the app is downloaded, SpamSoldier removes its icon from the app drawer, installs a free
version of the game in question and immediately starts sending spam messages.
The security firm notes that the threat isn't widespread; however, it has been spotted on all major
carriers in the U.S. and has the potential to do serious damage if something isn't done soon to stop
it.
Initial reports earlier this week of a new Android malware botnet could now be erroneous, according
to follow-up interviews with the security researchers who made the original claims.
Two Internet security researchers who recently reported their findings of an Android botnet that
pushes spam to users' Yahoo email accounts now say they might have jumped the gun.
In an update from The Wall Street Journal, the two researchers aren't as sure that their original
claims about the alleged Android malware and botnet are correct.
"Chester Wisniewski, senior security adviser at Sophos, said he is rechecking his findings after
Google and some other security researchers disputed findings of an Android 'botnet,' or a cluster
of computers hijacked by hackers," The Journal reported in its Digits blog. "In an interview Thursday,
Mr. Wisniewski said that the spam he identified generated by Yahoo's free Web-based email service
was different than normal patterns of email spam but 'we don't know for sure that it's coming from
Android devices.'"
The other security researcher, Microsoft engineer Terry Zink, also backtracked on his original report
about the alleged Android malware, stating in a follow-up post "that he also didn't know for sure
that Android devices had been compromised," according to The Journal. "'Yes, it's entirely possible
that bot on a compromised PC connected to Yahoo Mail' and inserted the 'Yahoo Mail for Android' tagline
at the bottom of the spam messages 'to make it look like the spam was coming from Android devices,'
he wrote."
Google, which owns and develops the Android mobile operating system, continues to deny the researchers'
claims since the first reports were released. "The evidence we've examined does not support the
Android botnet claim," the company said in a statement through a spokesman. "Our analysis so far
suggests that spammers are using infected computers and a fake mobile signature to try to bypass
anti-spam mechanisms in the email platform they're using. We're continuing to investigate the details."
The original reports from the two security researchers stated that the alleged malware would get
into a user's smartphone through a rogue app, which then used users' Yahoo free email accounts to
send out spam, according to an earlier story on eWEEK.com. "Microsoft engineer Terry Zink said he
found spam samples coming from compromised Yahoo email accounts, but then noted that they were being
sent from Android mobile devices."
"We've all heard the rumors, but this is the first time I have seen it -- a spammer has control of
a botnet that lives on Android devices," Zink originally wrote in a blog post July 3. "These devices
log in to the user's Yahoo Mail account and send spam. ... The messages all come from Yahoo Mail
servers. They are all from compromised Yahoo accounts. They are sending all stock spam, the typical
pump and dump variety that we've seen for years."
Chinese security researchers have issued a public warning about a botnet comprising a hazardous
1 million smartphones running Android, writes the local Xinhua News Agency.
With over 150 million Android users out of a total of 420 million mobile users, China has serious
reason to fear they are in great danger of getting mass-infected with the Android.Troj.mdk backdoor.
The Trojan, which apparently has already compromised some 7,000 popular software packages, gives
the attacker remote control over the victim's handset and collects contact lists, phone numbers,
message details, geo-location data, photos or videos and pretty much whatever is stored on the
compromised device. Plus, without the user's consent, it downloads useless applications that slow
down the smartphone, drain the battery or generate aggressive adware.
The fact that this botnet already includes some 1 million devices means that people are not fully
aware of or concerned about the dangers of purchasing or downloading apps from unlicensed third-party
app stores. China went so far as to ask operators to check their stores for vulnerabilities to protect
their clients.
To protect themselves from this menace, Chinese Android users are urged to install a mobile security
solution, regularly check their data traffic and call history and make sure they know and approve
the permissions required by the apps they acquire from non-authorized sources.
Damballa found that in the first half of this year, the number of compromised Android devices
communicating with known criminal command and control (C&C) networks grew significantly, topping
out at 20,000 devices on two particularly nasty weeks. This marks a disturbing milestone in the evolution
of mobile malware, since until recently, mobile exploits typically didn't involve a persistent takeover
of the device and active communication with a C&C botnet. As the report concludes, "two-way Internet
communication now makes the mobile market as susceptible to criminal breach activity as desktop devices."
Magnifying the risk is the fact that, as Damballa points out, many of these devices also join
corporate Wi-Fi networks, where they are largely flying under the radar of existing security protocols
and thus are ready agents for spreading malware to other internal systems, even PCs.
Weidman's code inserts itself into the phone's modem driver and the rest of the telephony stack,
ingeniously using the SMS messaging protocol to control the underlying malware. SMS makes a great
C&C channel, according to Weidman, since it's fault-tolerant (SMS queues messages for later delivery
if the network is unavailable), hard for security teams to monitor (since it's operated by the telecom
carrier), and, perhaps most importantly, power-efficient. That's critical because IP traffic, over
Wi-Fi or 3G, is one of the biggest smartphone battery drains. By using a lightweight protocol like
SMS, botnet operators can have a relatively chatty dialog with their slave devices without tipping
the owners off that something might be amiss on their phones. The downsides are that SMS instructions
are limited to 160 characters, and users may eventually notice messaging charges on their phone bills.
Installation follows the typical path of getting someone to install a Trojan app. Weidman sums
up the significance of this attack vector: "If attackers can get the bot installed, they can remotely
control a user's phone without giving any sign of compromise to the user." The malicious beauty of
a smartphone or tablet bot is the very mobility of the host; its nomadic network transience exposes
the malware to more victims ... sort of like a traveling salesman with tuberculosis.
With mobile devices the new frontier for cybercrime, some basic security advice bears repeating.
Mobile malware is primarily spread through native apps, which largely explains why iPhone and iPad
users are less vulnerable, shielded by Apple's curated App Store. In contrast, IT should educate
Android aficionados to curb urges toward download promiscuity, since the Android Marketplace is open
to anyone and doesn't perform any security checks before publishing an app. Sure, Android forces
apps to inform users of the phone features they need, but there is nothing to prevent them from abusing
the privilege. Even seemingly benign capabilities, like being able to send SMS text messages, can
be deviously employed, as Weidman's botnet software makes abundantly clear.
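The point that a declared permission says nothing about how an app will use it can be turned into a vetting step before installation. The following Python script is an added example, not code from the original article or from Weidman's tool: it parses a constructed AndroidManifest.xml (the package name, receiver class and permission set are made up for the example) and flags the permission combinations that make silent SMS sending, SMS interception and contact exfiltration possible, so a reviewer can ask why a "free game" needs them.

```python
import xml.etree.ElementTree as ET

# Android attributes (android:name, android:priority) live in this XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PRIORITY = "{%s}priority" % ANDROID_NS
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest of a hypothetical "free game" that also asks for SMS and
# contacts access; package, class names and permissions are made up for this example.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Free Game">
        <receiver android:name=".SmsReceiver">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def declared_permissions(root):
    """Short names (SEND_SMS, INTERNET, ...) of every <uses-permission> entry."""
    return {el.get(NAME, "").rsplit(".", 1)[-1] for el in root.iter("uses-permission")}


def sms_receiver_priorities(root):
    """Priorities of every broadcast receiver that listens for incoming SMS."""
    priorities = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(NAME) for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                priorities.append(int(flt.get(PRIORITY, "0")))
    return priorities


def review_manifest(xml_text):
    """Flag permission combinations that deserve a question before the app is installed."""
    root = ET.fromstring(xml_text)
    perms = declared_permissions(root)
    findings = []
    if "SEND_SMS" in perms:
        findings.append(("SEND_SMS", "can send text messages silently (spam relay, premium-rate charges)"))
    # RECEIVE_SMS plus a high-priority SMS_RECEIVED receiver lets the app see an incoming
    # message before the messaging app does; that is the hook a banking-SMS interceptor needs.
    if "RECEIVE_SMS" in perms and any(p >= 100 for p in sms_receiver_priorities(root)):
        findings.append(("SMS_INTERCEPT", "high-priority receiver for incoming SMS"))
    if "INTERNET" in perms and perms & {"READ_CONTACTS", "READ_SMS", "RECEIVE_SMS"}:
        findings.append(("DATA_EXFIL", "reads contacts or messages and has network access"))
    if "RECEIVE_BOOT_COMPLETED" in perms:
        findings.append(("BOOT_PERSIST", "restarts itself at boot"))
    return {"package": root.get("package"), "permissions": sorted(perms), "findings": findings}


if __name__ == "__main__":
    report = review_manifest(SAMPLE_MANIFEST)
    print(report["package"], report["permissions"])
    for code, why in report["findings"]:
        print("  %-14s %s" % (code, why))
```

The checks are deliberately coarse: a finding is a question to put to the app, not proof of malice, and a manifest review complements rather than replaces watching what the app actually does on a device.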
But iPhone users shouldn't get complacent. Apple's curated App Store provides a useful shield
to native malware apps, but as the drive-by JailBreakMe exploit exposed, even iOS can be compromised.
Aside from being wary of new apps from unknown sources, it's also important to maintain good mobile
device security hygiene:
-- Store as little data as possible locally -- it's impossible not to have your contact list and
cached email and browser sessions on a smartphone, but avoid storing copies of sensitive business
documents.
-- Encrypt data in storage and transit; use file encryption (or an encrypted file system as in
iOS) for local storage and VPNs for network connections on unsecured links, namely public Wi-Fi hotspots.
-- Finally, use a mobile device management service, either an enterprise product such as AirWatch,
MobileIron, or Zenprise, or a consumer-oriented service like Apple's Find My iPhone or Lookout for
Android, that can track and remotely wipe a lost or stolen device.
A new version of the Zeus trojan -- a longtime favorite of criminals conducting online financial
fraud -- has been used in attacks on over 30,000 electronic banking customers in Europe, infecting
both their personal computers and smartphones. The sophisticated attack is designed to circumvent
banks' use of two-factor authentication for transactions by intercepting messages sent by the bank
to victims' mobile phones.
The malware and botnet system, dubbed "Eurograbber" by security researchers from Check Point Software
and Versafe, was first detected in Italy earlier this year. It has since spread throughout Europe.
Eurograbber is responsible for more than $47 million in fraudulent transfers from victims' bank
accounts, stealing amounts from individual victims that range from 500 Euros (about $650) to 25,000
Euros (about $32,000), according to a report published Wednesday (PDF).
The malware attack begins when a victim clicks on a malicious link, possibly sent as part of a phishing
attack. Clicking on the link directs them to a site that attempts to download one or more trojans:
customized versions of Zeus and its SpyEye and CarBerp variants that allow attackers to record Web
visits and then inject HTML and JavaScript into the victim's browser.
The next time the victim visits their bank website, the trojans capture their credentials
and launch a JavaScript that spoofs a request for a "security upgrade" from the site, offering to
protect their mobile device from attack.
The JavaScript captures their phone number and their mobile operating system information -- which
are used in the second level of Eurograbber's attack.
With the phone number and platform information, the attacker sends a text message to the victim's
phone with a link to a site that downloads what it says is "encryption software" for the device.
But it is, in fact, "Zeus in the mobile" (ZITMO) malware -- a Trojan crafted for the Android
and BlackBerry mobile operating systems that injects itself between the user and the mobile browser
and SMS messaging software.
With both devices now compromised, the malware waits for the victim to access a bank account,
and then immediately transfers a percentage of the victim's balance to an account set up by the criminals
running the botnet.
The malware then intercepts the confirmation text message sent by the bank, forwarding it to the
trojan's command and control server via a relay phone number. The server uses the message to confirm
the transaction and withdraw the money. The same process happens every time the victim logs into
their bank account, gradually withdrawing money without alerting the user.
Security Enhancements for Android™ (SE for Android) is a project to identify and address critical
gaps in the security of Android. Initially, the project is enabling the use of SELinux in Android
in order to limit the damage that can be done by flawed or malicious apps and in order to enforce
separation guarantees between apps. However, the scope of the project is not limited to SELinux.
... ... ...
Android 4.3 is the first Android release version to fully include and enable the SELinux support
contributed by the SE for Android project. The Android 4.3 SELinux support is discussed in
https://source.android.com/devices/tech/security/se-linux.html.
Prior versions such as Android 4.2 included a subset of the SELinux support but not a complete, functional
set, and the code was disabled by default in the build (wrapped with HAVE_SELINUX conditionals).
You can build Android 4.3 and drop in an SELinux-enabled kernel without requiring further changes
if you only want the core SELinux functionality. You will still need to put the device into enforcing
mode, which under Android 4.3 you can do temporarily via adb shell su 0 setenforce 1 or permanently
by putting setenforce 1 into the init.rc file (make sure the device boots and operates without denials
first, as per Getting Started).
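Checking that a device "operates without denials" means reading the avc: denied records the kernel logs while the device is still permissive. The script below is an added example, not part of the SE for Android project: it parses constructed log lines in the kernel/logcat audit format, groups them by source domain, target type and object class, and renders each group in allow-rule syntax as a review aid. The sample pids, inodes, contexts and process names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed kernel log excerpt in the format a permissive (permissive=1) Android 4.3 device
# emits; pids, inodes, contexts and process names are made up for this example.
SAMPLE_LOG = """\
<5>[   12.345678] type=1400 audit(1372112345.123:45): avc: denied { read } for pid=612 comm="app_process" name="hosts" dev="mmcblk0p25" ino=1041 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
<5>[   12.345700] type=1400 audit(1372112345.124:46): avc: denied { write } for pid=612 comm="app_process" name="data" dev="mmcblk0p26" ino=2 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
<5>[   12.345800] type=1400 audit(1372112345.125:47): avc: denied { read } for pid=613 comm="app_process" name="hosts" dev="mmcblk0p25" ino=1041 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
<5>[   13.000000] type=1400 audit(1372112346.001:48): avc: denied { connectto } for pid=905 comm="rild" path="/dev/socket/property_service" scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
<6>[   14.000000] healthd: battery l=100 v=4 t=25.0 h=2 st=3 chg=a
"""

# "avc: denied { perm perm } for key=value key="quoted value" ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return the denial's fields, or None if the line is not an avc: denied record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "perms": set(m.group("perms").split()),
        "comm": fields.get("comm", "?"),
        "scontext": fields.get("scontext", "?"),
        "tcontext": fields.get("tcontext", "?"),
        "tclass": fields.get("tclass", "?"),
        # permissive=1 means the access was logged but still allowed.
        "permissive": fields.get("permissive") == "1",
    }


def summarize(log_text):
    """Group denials by (source context, target context, object class)."""
    groups = defaultdict(lambda: {"count": 0, "perms": set(), "comms": set()})
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is None:
            continue
        g = groups[(d["scontext"], d["tcontext"], d["tclass"])]
        g["count"] += 1
        g["perms"] |= d["perms"]
        g["comms"].add(d["comm"])
    return dict(groups)


def ready_for_enforcing(log_text):
    """True only if the log contains no denials at all."""
    return summarize(log_text) == {}


def as_te_rule(key, perms):
    """Render a group in allow-rule syntax (as audit2allow would) so a reviewer can judge it.
    A denial frequently means the app or init script should be fixed, not that the policy
    should be loosened, so the rule is a starting point for review, not something to apply."""
    scontext, tcontext, tclass = key
    domain = scontext.split(":")[2]   # u:r:untrusted_app:s0 -> untrusted_app
    ttype = tcontext.split(":")[2]    # u:object_r:system_file:s0 -> system_file
    return "allow %s %s:%s { %s };" % (domain, ttype, tclass, " ".join(sorted(perms)))


if __name__ == "__main__":
    groups = summarize(SAMPLE_LOG)
    for key, g in sorted(groups.items()):
        print("%3d  %-12s %s" % (g["count"], ",".join(sorted(g["comms"])), as_te_rule(key, g["perms"])))
    print("ready for setenforce 1:", ready_for_enforcing(SAMPLE_LOG))
```

On a real device the input would be the output of adb shell dmesg or logcat captured across a full boot and a normal usage session; the grouping collapses thousands of repeated records into a short list of (domain, type, class) pairs that each need a decision before the device is switched to enforcing mode.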
Android Botnets on the Rise: Trends and Characteristics. Heloise Pieterse, Defence, Peace, Safety
and Security, Council for Scientific and Industrial Research.
The Last but not Least: Technology is dominated by two types of people: those who understand what
they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been
specifically authorized by the copyright owner. We are making such material available to advance
understanding of computer science, IT technology, economic, scientific, and social issues. We believe
this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US
Copyright Law, according to which such material can be distributed without profit exclusively for
research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a
native language. Grammar and spelling errors should be expected. The site contains some broken links
as it develops like a living tree...
You can use PayPal to buy a cup of coffee for the authors of this site.
Disclaimer: The statements, views and opinions presented on this web page are those of the author
(or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the
Softpanorama society. We do not warrant the correctness of the information provided or its fitness
for any purpose. The site uses AdSense, so you need to be aware of Google's privacy policy. If you
do not want to be tracked by Google, please disable Javascript for this site. This site is perfectly
usable without Javascript.