An Interest In:
Web News this Week
- April 27, 2024
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
Some of Our Sources
- Slashdot
- Techcrunch
- The Logo Smith
- Smashing Magazine
- Six Revisions
- My Ink Blog
- Web Resource Source
- Daily Now
- Hashedout
- The Verge
Help Webnuz
Referal links:
March 12, 2011 10:40 pm GMT
Ten days ago Google discovered that apparently innocuous Android apps were in fact infested with "DroidDream" malware that included an Android rootkit, with the apparent intent of creating a smartphone botnet. It infected more than a quarter of a million devices before Google intervened. The thriller writer in me immediately began to wonder what would happen if black hats built a wildly popular game that doubled as a botnet beachhead. Imagine if Angry Birds was secretly the world's biggest botnet: even without root access to its install base, those hypothetical black hats could grab private data from tens millions of people, and/or probably DDoS every wireless network in the developed world, especially if it ran as a background service with location access.That will never happen, of course: it's what security guru Bruce Schneier calls a "movie-plot threat." But it does illustrate that you couldn't stop a Trojan app like that in advance. Android Market security is based on permission requests when an app is installed: such requests are routinely ignored, since nowadays almost every app asks for full Internet and SD card access. Ah, you might say, if only Android apps were vetted in advance, like Apple's! In which case you should really stop kidding yourself. Most apps seem to be reviewed in an hour or less (after days in the queue.) Apple appears to check the libraries they link against, and maybe they can decompile to the original source code, too - though I doubt it - but iOS apps are written in Objective-C, which includes support for C itself, a language for which labyrinthine obfuscation has become an art form. Any developer worth his/her salt could write an iOS app that includes code whose use only becomes apparent when the app receives a secret signal.
Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/yzbDQCoP0Xc/
The Walled Garden Has Won
Ten days ago Google discovered that apparently innocuous Android apps were in fact infested with "DroidDream" malware that included an Android rootkit, with the apparent intent of creating a smartphone botnet. It infected more than a quarter of a million devices before Google intervened. The thriller writer in me immediately began to wonder what would happen if black hats built a wildly popular game that doubled as a botnet beachhead. Imagine if Angry Birds was secretly the world's biggest botnet: even without root access to its install base, those hypothetical black hats could grab private data from tens millions of people, and/or probably DDoS every wireless network in the developed world, especially if it ran as a background service with location access.That will never happen, of course: it's what security guru Bruce Schneier calls a "movie-plot threat." But it does illustrate that you couldn't stop a Trojan app like that in advance. Android Market security is based on permission requests when an app is installed: such requests are routinely ignored, since nowadays almost every app asks for full Internet and SD card access. Ah, you might say, if only Android apps were vetted in advance, like Apple's! In which case you should really stop kidding yourself. Most apps seem to be reviewed in an hour or less (after days in the queue.) Apple appears to check the libraries they link against, and maybe they can decompile to the original source code, too - though I doubt it - but iOS apps are written in Objective-C, which includes support for C itself, a language for which labyrinthine obfuscation has become an art form. Any developer worth his/her salt could write an iOS app that includes code whose use only becomes apparent when the app receives a secret signal.Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/yzbDQCoP0Xc/
Share this article:
Tweet
View Full Article
Techcrunch
TechCrunch is a leading technology blog, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.More About this Source Visit Techcrunch