DroidDream turns Androids into zombies
- 09 March, 2011 05:19
The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.
The code, dubbed "DroidDream," attempts to use two exploits to gain root privilege on a compromised smartphone by breaking out of the sandbox designed to limit what applications can do on Android devices, mobile security firm Lookout stated in its most recent analysis. While the vulnerabilities targeted by the program were patched by Google last year, the majority of phones do not have the update yet, allowing the attack to compromise more than 260,000 phones, Google said in a statement.
Following the first stage of the attack, the program then forwards phone-specific information -- including hardware, software and service identifiers -- to a command-and-control server, which can then direct the compromised phone to reconnect at a certain time and download additional functionality from a specific URL, according to Lookout's analysis.
"The second stage is more interesting -- it is essentially a blank check," says Kevin Mahaffey, Lookout co-founder and chief technology officer.
The second-stage program appears to have unfinished functionality that would have allowed it to manipulate Marketplace ratings and post comments, the Lookout analysis states, concluding that "DroidDream could be considered a powerful zombie agent."
Google pulled down 58 applications from the Android Marketplace and has started to identify affected users and remotely remove the malicious applications from their smartphones. The company will also be pushing a security update to all users to undo any malicious changes and augmenting security measures for the Android Marketplace to attempt to head off future incidents, the company stated in a blog post.
Security companies have repeatedly predicted the rise of mobile malware, but the threat has typically been more myth than reality. Previous attacks against Android-based smartphones have targeted non-Marketplace apps. Earlier this year, for example, Lookout warned of the Geinimi Trojan, which mainly spread in China.
Yet, malware developers seems to be focusing more intensely on mobile-device users. Businesses need to worry because their IT departments do not have the same control over smartphones that they may have over their PCs and laptops, Mahaffey says.
"When there is a vulnerability there are two choices: You can work around it or you can patch it," he says. "With mobile, there really isn't that ability (to patch) right now."
Instead, businesses should deploy device management software that allows them to implement application whitelists, he says.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- The Official Lookout Blog : Do Androids Dream…?
- After attacks, Google vows to fortify Android Market - CSO Online - Security and Risk
- An Update on Android Market Security - Official Google Mobile Blog
- Android malware bandwagon rolling downhill
- Geinimi Android malware has 'botnet-like' capabilities - CSO Online - Security and Risk
- Wireless/Mobile Security - CSO Online - Security and Risk
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
CIO 100: Carsales wins top gong for innovation
How to secure passwords and other critical numbers
How to Socially Enable Your Contact Centre
More than 75 per cent of consumers have posted damaging comment on social media following a negative customer experience. Yet a whopping 70 per cent of companies have little understanding of the social media conversations featuring their brand. This whitepaper looks at how to deliver your brand promise, retain customers and increase their lifetime value with new service channels.
Casestudy: Managing an Antivirus Service and Improve the Customer Experience
Anittel Group has provided managed technology and connectivity services to organisations for more than 15 years, expanding to become one of the world’s largest full-service, IT and telecommunications companies. Previously, Anittel deployed an in-built antivirus solution as part of its managed service offering, which addressed a number of its customers’ needs, except for individual malware infections, which occurred as often as a several times a week. In this case study, find out what they did to solve this problem.
Delivering Private Clouds Today
Developing effective private cloud management and implementation plans is a top priority for many IT decision makers. Highly integrated management environments can monitor and optimize complex, heterogeneous private cloud applications, while infrastructure can provide IT staff with self-service provisioning capabilities and tools to automate many routine processes and workflows. This white paper discusses industry-wide views on private cloud management trends and priorities, while case studies highlight the benefits of using enhanced architecture and highlight the lessons learned.