Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

DroidDream turns Androids into zombies

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper"

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.

The code, dubbed "DroidDream," attempts to use two exploits to gain root privilege on a compromised smartphone by breaking out of the sandbox designed to limit what applications can do on Android devices, mobile security firm Lookout stated in its most recent analysis. While the vulnerabilities targeted by the program were patched by Google last year, the majority of phones do not have the update yet, allowing the attack to compromise more than 260,000 phones, Google said in a statement.

Also see: After attacks, Google vows to fortify Android Market

Following the first stage of the attack, the program then forwards phone-specific information -- including hardware, software and service identifiers -- to a command-and-control server, which can then direct the compromised phone to reconnect at a certain time and download additional functionality from a specific URL, according to Lookout's analysis.

"The second stage is more interesting -- it is essentially a blank check," says Kevin Mahaffey, Lookout co-founder and chief technology officer.

The second-stage program appears to have unfinished functionality that would have allowed it to manipulate Marketplace ratings and post comments, the Lookout analysis states, concluding that "DroidDream could be considered a powerful zombie agent."

Google pulled down 58 applications from the Android Marketplace and has started to identify affected users and remotely remove the malicious applications from their smartphones. The company will also be pushing a security update to all users to undo any malicious changes and augmenting security measures for the Android Marketplace to attempt to head off future incidents, the company stated in a blog post.

Security companies have repeatedly predicted the rise of mobile malware, but the threat has typically been more myth than reality. Previous attacks against Android-based smartphones have targeted non-Marketplace apps. Earlier this year, for example, Lookout warned of the Geinimi Trojan, which mainly spread in China.

Yet, malware developers seems to be focusing more intensely on mobile-device users. Businesses need to worry because their IT departments do not have the same control over smartphones that they may have over their PCs and laptops, Mahaffey says.

"When there is a vulnerability there are two choices: You can work around it or you can patch it," he says. "With mobile, there really isn't that ability (to patch) right now."

Instead, businesses should deploy device management software that allows them to implement application whitelists, he says.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Google
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: applications, data protection, Data Protection | Wireless, DroidDream, Google, Google security, Lookout Mobile Security, mobile security, security, smartphone security, software
Latest Blog Posts
Whitepapers
  • HP Managed Print Services solutioning methodology
    Many organisations launch initiatives to increase the efficiency of their imaging and printing environment—only to quickly find that maintaining those improvements is the real challenge. Sustainable, long-term efficiency gains require that imaging and printing be approached as part of your organisation’s overall IT strategy. Read more.
    Learn more »
  • Simplifying branch office security
    Securing your business network is more important than ever. Malware, botnets and other malicious programs threaten your network—at your central offices and your branch offices alike. Yet enforcing consistent network security throughout your enterprise can be challenging—especially for those of you with branch offices with few users and no IT expertise. This paper introduces a new standard—an innovative, unified, cost-effective solution for managing branch office security, with centralised reporting and a clear process for determining return on investment (ROI).
    Learn more »
  • 10 Essential Steps to Email Security
    Modern business is reliant on email. All organisations using email need to answer the following questions: How do we control spam volumes without the risk of trapping a business email? How do we prevent infections from email-borne viruses? How do we stop leakage of confidential information? Can we detect and stop exploitation from phishing attacks? How do we control brand damage from occurring due to employee misuse? How do we prevent inappropriate content from being circulated?
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments