Security experts release software to attack Android phones

A tool for attacking devices running Google's Android operating system was released by security researchers today at the Defcon hackers conference in Las Vegas.

The root-kit tool was released "to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages," according to a report by Reuters.

"It wasn't difficult to build," said Nicholas Percoco, who leads Spider Labs. Working with a colleague, Percoco said it took about two weeks to develop the tool, which allows nefarious users to take control of the device and steal email and text messages.

Percoco distributed the root kit on DVDs at the Defcon conference, which is a meeting of around 10,000 security experts who can attend anonymously. Reuters noted that "law enforcement posts undercover agents in the [Defcon] audience to spot criminals and government officials recruit workers to fight computer crimes and for the Department of Defense."

Security issues hitting Android contradict the perception that malicious attacks are primarily directed at the largest installed base. The global installed base of Apple's iOS devices is at least four times as large as Android's, which, despite a lot of media attention, is still similar to Microsoft's beleaguered Windows Mobile in terms of market share.

Android's open-ended security defended

A day ago, security researchers at Lookout reported the potential for mobile software to take invisible actions without users being aware of them, noting that many apps on all platforms can gain access to private data. The report specifically called out a wallpapers app on Android for collecting device data, phone numbers, and voicemail numbers of users who downloaded the app, and forwarding the information to servers in China.

At least one Android blog, Android Tapp, rushed to defend the platform, insisting that an initial report by Venture Beat was inciting "fear, uncertainty and doubt" by describing the data collection as "malicious."

The blog indicated that there was nothing wrong with developers collecting Android users' data without disclosure and for unknown purposes, suggesting instead that users should anticipate the full consequences of downloading third party software based on the permissions that software requests during installation.

While defending the developer involved in harvesting Android users' phone numbers, voicemail phone numbers, and device IDs through his "Jackeey Wallpaper" app, the Android fan blog pointed out that other Android wallpaper apps request permissions to read phone call information, read SD Card storage, and access contact data.

Following Lookout's report, Google pulled the wallpaper app in question, but other apps that do the same thing while requesting even more access to users' data are still available for download.

"True all users should indeed be aware of what they are installing from the Android Market," the Android blog concluded. "But was the mass negative press without covering the complete story warranted???"



56 Comments

daharder 15 Years · 1580 comments

Ohhh... Now That Really Helps, let's just do this to all mobile OS platforms to make your little point.

(Note: Yes, They're ALL Vulnerable in one way or another).

esummers 15 Years · 952 comments

Why is it suddenly okay to have a wallpaper app that harvests all your personal data as long as they tell you they will access your address book during installation?

I don't really see how this changes things. The app is still malicious and they are distributing it through the Android app store. We don't see the same things happen in the AppStore. I can't see enterprise customers interested in this platform. Imagine someone cold calling all your clients in your address book as you?

8corewhore 16 Years · 822 comments

Heck, Google releases software that attacks Android.

quinney 18 Years · 2527 comments

Quote:
Originally Posted by AppleInsider

At least one Android blog, Android Tapp, rushed to defend the platform, insisting that an initial report by Venture Beat was inciting "fear, uncertainty and doubt" by describing the data collection as "malicious."

..."True all users should indeed be aware of what they are installing from the Android Market," the Android blog concluded. "But was the mass negative press without covering the complete story warranted???"

Android fans should be happy. If FUD is being created about Android, it means they are being recognized as significant. Welcome to the bigtime (unless you can't stand the taste of your own medicine).

lostkiwi 18 Years · 640 comments

Quote:
Originally Posted by quinney

Android fans should be happy. If FUD is being created about Android, it means they are being recognized as significant. Welcome to the bigtime (unless you can't stand the taste of your own medicine).

Here in NZ the media was painting it as an issue that affects the iPhone 'and other smartphones'. A cursory mention was made of Android.
Why do people even buy papers anymore?