Researchers discover first malware to target Google's Android


Last Updated:

  1. Slick1020

    Slick1020 Banned This Topic's Starter

    Joined:
    Jul 13, 2010
    Messages:
    494
    Likes Received:
    163

    Advertisement
  2. laredo7mm

    laredo7mm Well-Known Member

    Joined:
    Jun 2, 2010
    Messages:
    379
    Likes Received:
    77
    double tap...lol
     
  3. optikalillusi0n

    optikalillusi0n Well-Known Member

    Joined:
    Jun 12, 2010
    Messages:
    84
    Likes Received:
    25
    Why won't they say what app it is ? Kinda messed up, heh.
     
  4. Vihzel

    Vihzel Destroying Balls Everyday VIP Member

    Joined:
    Apr 8, 2010
    Messages:
    5,364
    Likes Received:
    1,055
    The article says it's called "Movie Player"
     
    optikalillusi0n likes this.
  5. EarlyMon

    EarlyMon The PearlyMon Moderator

    Joined:
    Jun 10, 2010
    Messages:
    57,614
    Likes Received:
    70,271
    So it begins.
     
  6. ThatNewAndroidGuy

    ThatNewAndroidGuy Well-Known Member

    Joined:
    Apr 9, 2010
    Messages:
    432
    Likes Received:
    103
    Yea its gonna suck, esp at the rate android OS is climbing, while also being open source.
     
  7. optikalillusi0n

    optikalillusi0n Well-Known Member

    Joined:
    Jun 12, 2010
    Messages:
    84
    Likes Received:
    25
    Ack.. I totally missed that. lol, thanks.
     
  8. pwnst*r

    pwnst*r Well-Known Member

    Joined:
    Jun 4, 2010
    Messages:
    912
    Likes Received:
    206
    Yet another reason not to download the latest apps in the Market from newcomers. That's the catch .22 between the Market and Apple's store.
     
  9. EarlyMon

    EarlyMon The PearlyMon Moderator

    Joined:
    Jun 10, 2010
    Messages:
    57,614
    Likes Received:
    70,271
    Yet another reason I wish I could run apps in a doghouse.

    I also wish the Android firewall would work also, but so far, it's no soap for me on the Evo.
     
  10. pwnst*r

    pwnst*r Well-Known Member

    Joined:
    Jun 4, 2010
    Messages:
    912
    Likes Received:
    206
    When you say doghouse, are you referring to a sandbox environment?
     
  11. grainysand

    grainysand Well-Known Member

    Joined:
    Feb 4, 2010
    Messages:
    1,580
    Likes Received:
    175
    Do you... do you actually think open-source magically means it's less secure? I'm not sure you get what "open-source" means.
     
  12. Intervenient

    Intervenient Well-Known Member

    Joined:
    Jul 14, 2010
    Messages:
    671
    Likes Received:
    48

    I think he's referring more to the fact that the Android market is virtually unmonitored.
     
  13. Bitbang3r

    Bitbang3r Well-Known Member

    Joined:
    Apr 24, 2010
    Messages:
    108
    Likes Received:
    24
    The supreme irony is that 6 months from now, users with rooted phones and AOSP will yawn, because we'll have long since hacked the source to intercept and block outgoing SMS requests to shortcodes and non-American areacodes. Meanwhile, users obediently running official carrier-blessed ROMs will be screwed since carriers won't want to risk having twenty million customers decide to not send votes to American Idol because it would mean having to unblock shortcodes first in the settings menu...
     
  14. EarlyMon

    EarlyMon The PearlyMon Moderator

    Joined:
    Jun 10, 2010
    Messages:
    57,614
    Likes Received:
    70,271
    Actually more of a virtual wrapper around the app so that all ports in and out may be controlled or even simulated for study.

    Just as a sandbox protects a repository and limits damage done to source by local tinkering, a doghouse protects an OS and limits the damage an app can do by nefarious outreach of network ports.

    In some organizations the two terms have a certain interchangeability.
     
  15. EarlyMon

    EarlyMon The PearlyMon Moderator

    Joined:
    Jun 10, 2010
    Messages:
    57,614
    Likes Received:
    70,271
    I took it at face value and that the meaning was simply that with open source there might be a higher potential for exploits to be found by direct examination of the infrastructure and privileged-action handling mechanisms.

    This has been a well-known and long-term admonition against open source and proponents line up on both sides of the line in the sand to argue for and against its reasonableness and probability.

    I didn't say it, but that's how I read it, and I defend that it's at least worthy to keep on the table until this OS matures further and all facts are known.

    FWIW - I'm a huge proponent and supporter of FOSS and have been for nearly two decades.
     
  16. huntleth

    huntleth Well-Known Member

    Joined:
    Jun 26, 2010
    Messages:
    180
    Likes Received:
    25
    I think the best option to avoid restricting the freedom of the market is to introduce settings to filter out all apps that don't have a certain amount of ratings, good or bad, unless otherwise specified that you wish to see them.
     
  17. Big D

    Big D Well-Known Member

    Joined:
    Jan 5, 2010
    Messages:
    176
    Likes Received:
    4
    This is the double edged sword. No restrictions on apps but no security either!
     
  18. ThatNewAndroidGuy

    ThatNewAndroidGuy Well-Known Member

    Joined:
    Apr 9, 2010
    Messages:
    432
    Likes Received:
    103
    This is what I meant. To me it's like you have the blueprints for the bank/mansion you want to break into. So they will just look for the doors in the source.
     
  19. EarlyMon

    EarlyMon The PearlyMon Moderator

    Joined:
    Jun 10, 2010
    Messages:
    57,614
    Likes Received:
    70,271
    Russian (and now Chinese) hackers are known to be particularly clever.

    However, in this case, I think the entire exploit was relying on user laissez-faire and was rather straightforward, from what little I've read.

    Regardless of market vetting by any camp, over-trust by users will probably always be the most-used infection vector for any OS, in my opinion.

    People often flame me for what I'm about to say, and that's a don't-care for me:

    I note that the report on this exploit was given by a anti-virus/malware vendor.

    I've noted over the years that the anti-virus/malware vendors seem particularly adept at fixing viruses almost as soon as they're released into the wild - and the more vendors for that sort of thing there are, the more viruses seem to crop up.

    People tell me there's no one hiding under my bed and that I have cause and effect wrong.

    And I just follow the money.

    On this, I'm probably completely wrong. I often am.

    In this case, the exploit did accompany a profit motive for the black hats.
     

Share This Page

Loading...