wisebabo writes “A wallpaper utility (that presents purloined copyrighted material) ‘quietly collects personal information such as SIM card numbers, text messages, subscriber identification, and voicemail passwords. The data is then sent to www.imnet.us, a site that hails from Shenzen, China.’”
Read more of this story at Slashdot.
alphadogg writes “Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious ‘rootkit’ program they’ve written for Google’s Android phone next month at the Defcon hacking conference in Las Vegas. Once it’s installed on the Android phone, the rootkit can be activated via a phone call or SMS message, giving attackers a stealthy and hard-to-detect tool for siphoning data from the phone or misdirecting the user. ‘You call the phone, the phone doesn’t ring, and when the phone realizes that it’s being called by an attacker’s phone number, it sends him back a shell [program],’ said Christian Papathanasiou, a security consultant with Chicago’s Trustwave, the company that did the research.”
Read more of this story at Slashdot.
Security researchers at Kaspersky Lab announced the first malware for the Android operating system to be classified as a Trojan-SMS, the most widespread type of malware on mobile phones.
The malware is disguised as a media player application with the standard Android .APK file extension. When the 13KB file is installed, the mobile device will start to send SMS messages to premium numbers which incur charges on the user’s account.
Because Android is growing at such an explosive rate, and users are storing an increasing amount of important data on their mobile phones, the platform is an attractive one for renegade application makers.
“We can expect to see a corresponding rise in the amount of malware targeting [Android],” Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab said in a blog posting Monday. “Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”
The company has profiled the malware as “Trojan-SMS.AndroidOS.FakePlayer.a”
siliconbits writes “BBC News has shown how straightforward it is to create a malicious application for a smartphone. Over a few weeks, the BBC put together a crude game for a smartphone that also spied on the owner of the handset. The application was built using standard parts from the software toolkits that developers use to create programs for handsets. This makes malicious applications hard to spot, say experts, because useful programs will use the same functions.”
Read more of this story at Slashdot.
siliconbits writes “A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android platform, even though SMS Trojans are currently the most widespread type of malware on mobile phones.”
Read more of this story at Slashdot.
Apple released iOS 4.0.2 for the iPhone and iPod touch, and iOS 3.2.2 for the iPad on Wednesday, effectively closing the PDF flaw which allowed hackers access to the internal code of those devices. The exploit was central to the jailbreakme.com hack released earlier this month. According to release notes with the updates, the PDF fix is the only change made to the code of the OS.
The jailbreak also made it possible for the iPhone Dev Team to release a version of its ultrasn0w carrier unlock for the iPhone 4 for the first time, which it did two days after the release of jailbreakme.com.
The Cupertino company said shortly after the jailbreak that it was aware of the issue and would be releasing a fix. It is not clear what the Dev Team’s next move would be, considering anyone who updates would now be unable to use the site.
“Comex,” the developer behind jailbreakme.com, only said as part of a tweet late Tuesday that “[I] guess I need to get working on the next jailbreak,” likely in reference to the anticipation that Apple was about to update iOS, which it did indeed do.
Users wishing to update to the new software would be able to do so by connecting their iOS device to iTunes, and clicking “Check for Update.” Similarly, those who may be in line for an automated weekly check for updates may start being prompted to upgrade beginning today.
It appears that those who have jailbroken before the fix would still remain jailbroken, although that has not yet been independently confirmed.
climenole writes “Research in Motion, the creator of the widely used enterprise-cum-consumer BlackBerry device, has an uncertain position in India. The Indian government’s internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult — especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups.” Does it make you wonder how much safer everyone would be if parkas, mailing envelopes, cash, and superglue were all evaluated on the same basis?
Read more of this story at Slashdot.
adeelarshad82 writes “Latest reports indicate that the website that ‘jailbreaks’ iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have been several other vulnerabilities in the past in iOS CoreGraphics PDF components.” As Gruber points out, the proper term for this is not “jailbreak,” but “remote code exploit in the wild.”
Read more of this story at Slashdot.
tomhudson writes “Despite all the hype about Apple’s latest iPhone, Android has sold more in the last 6 months (27% of all smartphone sales) than Apple (23%). The gains for Android are coming at the expense of RIM (still #1 at 33%, down from 45% a year ago), Windows Mobile (11%, down from 20%) and the iPhone (down from 34% at it’s peak 6 months ago). If the current trend continues, Android is expected to be #1 within the year.”
Read more of this story at Slashdot.
WrongSizeGlass writes “CNet is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mails and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything.”
Read more of this story at Slashdot.
