1. Download our Official Android App: Forums for Android!

Researchers discover first malware to target Google's Android

Discussion in 'Android Lounge' started by Slick1020, Aug 11, 2010.

  1. Slick1020

    Thread Starter
    68

    Jul 13, 2010
    494
    163
    68

    Advertisement

  2. laredo7mm

    laredo7mm Android Enthusiast
    53

    Jun 2, 2010
    379
    77
    53
    double tap...lol
     
  3. optikalillusi0n

    optikalillusi0n Well-Known Member
    23

    Jun 12, 2010
    84
    25
    23
    Why won't they say what app it is ? Kinda messed up, heh.
     
  4. Vihzel

    Vihzel Destroying Balls Everyday
    333

    Apr 8, 2010
    5,364
    1,055
    333
    NYU Student & Real Estate Agent
    Manhattan, NY
    The article says it's called "Movie Player"
     
    optikalillusi0n likes this.
  5. EarlyMon

    EarlyMon The PearlyMon
    5,218

    Jun 10, 2010
    57,628
    70,394
    5,218
    New Mexico, USA
    So it begins.
     
  6. ThatNewAndroidGuy

    ThatNewAndroidGuy Android Enthusiast
    68

    Apr 9, 2010
    432
    103
    68
    Workin at the squeaky mart.
    Residin in Florida
    Yea its gonna suck, esp at the rate android OS is climbing, while also being open source.
     
  7. optikalillusi0n

    optikalillusi0n Well-Known Member
    23

    Jun 12, 2010
    84
    25
    23
    Ack.. I totally missed that. lol, thanks.
     
  8. pwnst*r

    pwnst*r Android Expert
    113

    Jun 4, 2010
    912
    206
    113
    Yet another reason not to download the latest apps in the Market from newcomers. That's the catch .22 between the Market and Apple's store.
     
  9. EarlyMon

    EarlyMon The PearlyMon
    5,218

    Jun 10, 2010
    57,628
    70,394
    5,218
    New Mexico, USA
    Yet another reason I wish I could run apps in a doghouse.

    I also wish the Android firewall would work also, but so far, it's no soap for me on the Evo.
     
  10. pwnst*r

    pwnst*r Android Expert
    113

    Jun 4, 2010
    912
    206
    113
    When you say doghouse, are you referring to a sandbox environment?
     
  11. grainysand

    grainysand Android Expert
    143

    Feb 4, 2010
    1,580
    175
    143
    Do you... do you actually think open-source magically means it's less secure? I'm not sure you get what "open-source" means.
     
  12. Intervenient

    88

    Jul 14, 2010
    671
    48
    88
    Student at UCSB

    I think he's referring more to the fact that the Android market is virtually unmonitored.
     
  13. Bitbang3r

    Bitbang3r Well-Known Member
    38

    Apr 24, 2010
    108
    24
    38
    The supreme irony is that 6 months from now, users with rooted phones and AOSP will yawn, because we'll have long since hacked the source to intercept and block outgoing SMS requests to shortcodes and non-American areacodes. Meanwhile, users obediently running official carrier-blessed ROMs will be screwed since carriers won't want to risk having twenty million customers decide to not send votes to American Idol because it would mean having to unblock shortcodes first in the settings menu...
     
  14. EarlyMon

    EarlyMon The PearlyMon
    5,218

    Jun 10, 2010
    57,628
    70,394
    5,218
    New Mexico, USA
    Actually more of a virtual wrapper around the app so that all ports in and out may be controlled or even simulated for study.

    Just as a sandbox protects a repository and limits damage done to source by local tinkering, a doghouse protects an OS and limits the damage an app can do by nefarious outreach of network ports.

    In some organizations the two terms have a certain interchangeability.
     
  15. EarlyMon

    EarlyMon The PearlyMon
    5,218

    Jun 10, 2010
    57,628
    70,394
    5,218
    New Mexico, USA
    I took it at face value and that the meaning was simply that with open source there might be a higher potential for exploits to be found by direct examination of the infrastructure and privileged-action handling mechanisms.

    This has been a well-known and long-term admonition against open source and proponents line up on both sides of the line in the sand to argue for and against its reasonableness and probability.

    I didn't say it, but that's how I read it, and I defend that it's at least worthy to keep on the table until this OS matures further and all facts are known.

    FWIW - I'm a huge proponent and supporter of FOSS and have been for nearly two decades.
     
  16. huntleth

    huntleth Well-Known Member
    43

    Jun 26, 2010
    180
    25
    43
    I think the best option to avoid restricting the freedom of the market is to introduce settings to filter out all apps that don't have a certain amount of ratings, good or bad, unless otherwise specified that you wish to see them.
     
  17. Big D

    Big D Well-Known Member
    56

    Jan 5, 2010
    176
    4
    56
    Upstate NY
    This is the double edged sword. No restrictions on apps but no security either!
     
  18. ThatNewAndroidGuy

    ThatNewAndroidGuy Android Enthusiast
    68

    Apr 9, 2010
    432
    103
    68
    Workin at the squeaky mart.
    Residin in Florida
    This is what I meant. To me it's like you have the blueprints for the bank/mansion you want to break into. So they will just look for the doors in the source.
     
  19. EarlyMon

    EarlyMon The PearlyMon
    5,218

    Jun 10, 2010
    57,628
    70,394
    5,218
    New Mexico, USA
    Russian (and now Chinese) hackers are known to be particularly clever.

    However, in this case, I think the entire exploit was relying on user laissez-faire and was rather straightforward, from what little I've read.

    Regardless of market vetting by any camp, over-trust by users will probably always be the most-used infection vector for any OS, in my opinion.

    People often flame me for what I'm about to say, and that's a don't-care for me:

    I note that the report on this exploit was given by a anti-virus/malware vendor.

    I've noted over the years that the anti-virus/malware vendors seem particularly adept at fixing viruses almost as soon as they're released into the wild - and the more vendors for that sort of thing there are, the more viruses seem to crop up.

    People tell me there's no one hiding under my bed and that I have cause and effect wrong.

    And I just follow the money.

    On this, I'm probably completely wrong. I often am.

    In this case, the exploit did accompany a profit motive for the black hats.
     

Share This Page

Loading...