Mobile Spyware Conferences Into Your Calls
wiredmikey writes "Reports of Multiple Variants of Android Virus 'Hong Tou Tou' are showing up, which has mainly been working its way onto smartphones via alternative app marketplaces.
Today, we saw reports of a new variant of spyware "Spy.Felxispy" targeting Symbian devices, identified by the National Computer Virus Emergency Response Centre of China. More than a dozen variants of the spyware have emerged since the first was spotted, and the latest has affected 150,000+ devices. Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation."
Virus? (Score:2)
Re: (Score:3)
There was an article recently about malware being highly prevalent in wallpaper packs. Malware authors would download the packs, jimmy their spyware payload into the installer, and repost it somewhere else, sometimes under the same name.
One of the disadvantages for an unlocked system, you are now placing the user primarily in charge of the security of the system. That's very hard to get right.
Re: (Score:1)
But I ask the same I asked in the last Android trojan discussion here:
- On Android the app was installed from a bogus marketplace, so if I do not change this default Android restriction (you are not able to install apps out of official marketplace without explicitly changing configuration with a beautiful warning), how is this a problem to a "normal" (maybe security conscious) user? When you give a certain degree of freedom in a device, incautious users are able to make these things even after several warni
Re: (Score:2)
Re: (Score:1)
You are correct.
Then it's the same it happens with email. Only one email fellow with a trojan makes you receive a lot of Spam.
It's time to educate people you talk to the same way you try when you are talking with email fellows.
I understand what you say, but installing an app out of official Marketplace cannot be seen as an accidental trojan infection (at least in my personal experience), you have to disable a couple of settings to be able to do so in a stock phone, so when someone does this it really wants
Re: (Score:2)
Yes
And if you allow a 'wallpaper pack' permission to access the network, really?!
Ok, scratch that, if you download a 'wallpaper pack' instead of picking photos on flickr you deserve it
Re: (Score:1)
How would you recommend implementing a wallpaper gallery application with hundreds or thousands of pictures in a reasonable size without using network access?
Psst. Your phone has this thing called "flash memory." It may even have something called an "SD slot." Google around and maybe you'll figure something out.
Re: (Score:2)
Re: (Score:1)
Pray tell. How does this virus propagate?
Spyware not virus. From article, "the cybercriminals usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click."
Re: (Score:2)
Multiple Variants of Android Virus 'Hong Tou Tou' Surface in China
Re: (Score:1)
Nice to see you RTFA, but apparently you missed the title:
Multiple Variants of Android Virus 'Hong Tou Tou' Surface in China
Viruses technically need to be capable of self replication according to the dictionary definition. Although the term 'virus' is now being used more generically to refer to any kind of nasty computer program but I do see the parent's point.
Re: (Score:1)
Re:Virus? (Score:5, Insightful)
I know most /.ers don't RTFA
I was just leading readers along a path that ends with questioning the alarmist nature of the SecurityWeek article.
It's not a virus, it doesn't propagate itself. You only get this Trojan by going to an unsecured website (a Chinese one at that) and downloading it from there.
In other news, iPhones are dangerous when eaten.
Re: (Score:1)
Re: (Score:2)
We're talking about computer viruses, which are distinct from worms or trojans; all of them fall under the collective umbrella of the term "malicious software". Wikipedia probably has more info.
Re: (Score:3)
You only get the virus through your own actions.
Haemophiliacs, rape victims, children of HIV positive mothers.
The defining characteristic of a virus is that it makes copies of itself and broadcasts them around to hopefully contact and infect the next host.
The defining characteristic of a Trojan Horse is that it presents itself as a benign object and waits for an unwary administrator to install it within a defensive perimeter.
An EXE is not a virus if it does not attempt to broadcast itself to the next host.
Re: (Score:2)
Same could be said about HIV. You only get the virus through your own actions.
Do you consider getting stabbed by a junkie with an infected needle, or receiving an infected blood conserve (like it happened to a friend of my father) really "your own" actions? Or getting born with it (400,000 kids just in Africa in 2009, source: Wikipedia article about BornHIVFree)?
outliers (Score:2)
In modernized countries, these problems are completely insignificant for spreading HIV. I'll grant that it's more likely than death by meteorite.
Re: (Score:2)
Yeah, I know, most common is willingly unprotected sex and sharing of drug tools.
Oh, and just like a computer virus may use OS routines to propagate itself, HIV uses our ejaculation routine. Propagating itself is not meant as doing that entirely on its own. One more example is airborne infection, which usually requires the host to be breathing.
Re: (Score:2)
I agree that this sounds more like a trojan.
Maybe "BD.HongTouTou.A" and "BD.HongTouTou.B" propagate within a server hosting the app market place by infecting the android packages being distributed. A mother virus called "BD.HongTouTou" that injects its payload of "BD.HongTouTou.A" or "BD.HongTouTou.B" into android packages. I find this unlikely.
This should serve as an example of why you should be wary of what app marketplace you use.
Re: (Score:2)
you install it. that's how mobile malware has worked for the past 10 years. it's just that some android marketplaces have no upload checks of any kind.
i'm baffled by the summary a bit though, as there is no mention of the obvious problems with conferencing the calls of 150 000+ people and the problem of being tracked down.
Well... (Score:2)
Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.
Re: (Score:2)
Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.
Which doesn't mean it isn't happening. At least with Android, when you install an application from Market, AppsLib, or APK, it tells you what privileges the application wants.
Re: (Score:2)
Unfortunately Android still doesn't have BlackBerry's feature: allow or deny individual privileges (or prompt on each request).
So if you have an online game that wants network access and for some reason, access to your contact list, on Blackberries you can say "Ok for network, deny for contact list", and the application gets a AcccesDeniedException when it tries to open the contact list.
And all that from "outdated" technology!
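The install-time permission list discussed in the comments above can also be reviewed mechanically. The following is an added example, not part of any comment in this thread: it assumes the APK's manifest has already been decoded to text XML, and the sample manifest, package name and per-category policy are constructed for illustration. It only looks at declared permissions, so it says nothing about what the code inside the package does.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed sample: text-form manifest of a hypothetical wallpaper app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Wallpapers"/>
</manifest>
"""

# Assumed reviewer policy (not an Android rule): what a category plausibly needs.
EXPECTED = {
    "wallpaper": {P + "SET_WALLPAPER", P + "INTERNET",
                  P + "WRITE_EXTERNAL_STORAGE"},
}
# Permissions that read private data, and permissions that can move it off
# the device. Both sets are illustrative, not exhaustive.
DATA_SOURCES = {P + n for n in ("READ_CONTACTS", "READ_SMS", "RECORD_AUDIO",
                                "READ_PHONE_STATE", "ACCESS_FINE_LOCATION")}
OUTBOUND = {P + n for n in ("INTERNET", "SEND_SMS", "CALL_PHONE")}


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permissions a manifest declares."""
    # The manifest comes from an untrusted package; for real use, parse it
    # with a hardened XML parser rather than the default one.
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    names.discard(None)  # tolerate a <uses-permission> element with no name
    return sorted(names)


def review(manifest_xml, category):
    """Flag permissions outside the category policy, plus every pairing of a
    private-data permission with an outbound channel."""
    if category not in EXPECTED:
        raise ValueError("no policy defined for category %r" % category)
    requested = set(requested_permissions(manifest_xml))
    unexpected = sorted(requested - EXPECTED[category])
    pairs = sorted((src, out)
                   for src in requested & DATA_SOURCES
                   for out in requested & OUTBOUND)
    return {"unexpected": unexpected, "exfil_pairs": pairs}


if __name__ == "__main__":
    report = review(SAMPLE_MANIFEST, "wallpaper")
    for perm in report["unexpected"]:
        print("unexpected for a wallpaper app:", perm)
    for src, out in report["exfil_pairs"]:
        print("data source + outbound channel:", src, "->", out)
```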
Re: (Score:1)
I would love to see that on Android, but they would have a problem with people denying for full internet access, when the app is ad-supported. So they would need to separate the channel for ads and other internet access.
Re: (Score:2)
Agreed. The solution should be "if access to ad network is denied by client, exit app gracefully."
Re: (Score:2)
what happens when you have no network access?
There are thousands of square miles of NY State (home of 22 million people) that at best can get voice cellular service. Regions with Million dollar homes and property values of 100k an acre and the best cell coverage they get is phone calls if you're lucky. It doesn't matter Verizon, AT&T they all suck the same in those areas.
If the app when there is no ad network then huge sections of the USA won't be able to run the app.
Sync ads when syncing other data (Score:2)
what happens when you have no network access?
The same thing apps do when running on an iPod touch or Archos 43: show cached advertisements downloaded when the app last synchronized data to "the cloud". This makes them not clickable, but TV ads aren't clickable either.
Re: (Score:2)
I suspect that with the above system, there would be a different exception thrown for "no TCP/IP network access available" vs. "app is denied access to TCP/IP stack".
Re: (Score:2)
Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.
Which doesn't mean it isn't happening. At least with Android, when you install an application from Market, AppsLib, or APK, it tells you what privileges the application wants.
Actually, it does mean exactly this, that it isn't happening. iOS apps *can't* secretly force you into conference calls. Also, are you saying this app asked for "permission to secretly initiate conference calls"?
The fact is, we *know* about these things happening on Android. They seem to crop up more than once a month. It's technically *possible* there's something similar happening on iOS, but it's irrational to assume this, because there is absolutely no evidence whatsoever of anything like this happening
Re: (Score:2)
That's quite a roundabout way of saying "there is serious malware for Android, and not for iOS, and this is directly related to the closed App Store model compared with the open Android model."
That's the dishonesty of most Android fans. They play up the openness (which is valid) without being honest about the downsides. Sure, a vigilant geek can traverse these dangers while simultaneously taking advantage of Android's openness, but the average person can't. Why should they take risks they can avoid for bene
Re: (Score:2)
Re: (Score:2)
I'm totally fascinated by this logic:
1. Yay, Android has alternative markets, iOS doesn't!
2. [virus on alternative markets]
3. iOS doesn't have alternative markets, yay for Android!
???
That's like saying Firefox sucks because it doesn't have ActiveX.
Re: (Score:1)
Hee hee... They're just better at covering their tracks :-)... or... Apple does the spying for them. One thing is certain, smart phone, dumb phone, your call isn't private.
Re:Well... (Score:4, Insightful)
Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.
It happens just by businesses rather than "cybercriminals" http://www.readwriteweb.com/archives/dear_iphone_users_your_apps_are_spying_on_you.php [readwriteweb.com] And of course all platforms have had some sort of remote exploit http://news.cnet.com/8301-27080_3-10299378-245.html [cnet.com] Conclusion: "walled gardens" for apps just provide a feeling of security, while giving up the user-freedom of installing any app. Personally I prefer the freedom and am (so far) very happy with the homebrew community support offered by Palm (and now HP) http://www.precentral.net/hp-donates-server-homebrew-webos-internals-group [precentral.net]
Re: (Score:1)
Re: (Score:2)
i have a co worker who is on his 4th palm pre.. he got it because they were offering free tethering if you got one.. but the damn thing keeps dying on him.
it isn't that bad of a device.. but by god is it lacking in some of the more basic user interface bits.
Re: (Score:1)
The Pre has the best user interface and it's the most hacker-friendly phone as well. But why would anyone on Slashdot be interested in that?
Re: (Score:2)
It isn't happening on Google controlled Android market either. /shrug
Let's just be thankful it's a virus that spreads due to user carelessness and not one that spreads via a weakness in Android's security.
The latter one is going to be a bitch to patch with Android's "unreliable" updating on various phones.
Re: (Score:2)
What I say about the walled garden is that the stupidly tight controls do not provide sufficient benefits. Simple quality control such as *this is virus* or *this is not virus* of the Android Market provide exactly the same benefits without having to turn over your soul to the will of Evil Genius Jobs. That and the bo
Re: (Score:2)
Re: (Score:1)
Listening to (Score:1)
My conversations are so boring that I sometimes don't even pay attention myself
I hate to say it (Score:4, Interesting)
Re: (Score:1)
So, for most users, yes. (Score:3)
For users not advanced enough to be trusted to admin their own net-connected device, of course.
So, in general the answer is "yes".
Anyone who has had to support "normal" users has an anecdote about someone with a malware problem. Say what you will about having a single company that has to vet all apps for a particular type of device - but it does help make things easier for those of us who have to support these devices in our organizations.
Re: (Score:2)
Re:I hate to say it (Score:4, Insightful)
Nope.
Non-techy users can still use Android marketplace. If you believe yourself to be a tech user and want to try something else, you can feel free to do so. But it's your risk.
Also there are tons of other reasons why a closed up marketplace sucks. If you don't want to pay the 30% to Apple and sell the product from your own website - tough luck! Amazon is planning their own app store - they can't do it with Apple.
Re: (Score:2)
Re: (Score:3)
If you really want to sell, the 30% is going to be paid by the user, not you...
Besides, ok, suppose you want to deal with everything: set up servers, CC processing, billing, etc, etc you'll start to think the 30% is a good deal
Been there, done that, etc
Re: (Score:2)
How, exactly, do you tell if what you're downloading is infected with a trojan such as this? Permissions list is nice, but doesn't tell the whole story. Who inspects the packages being uploaded to the unsavory store you're about to download from? I'm certain you don't inspect the contents of every app you're downloading.
I know plenty of people who download crap because "it is free", from all sorts of places who get infected by all the crap that is out there. I usually tell them "it's not free", that it costs
Re:I hate to say it (Score:4, Insightful)
Actually, non-techies can use alternative marketplaces as well, just as non-techies can jailbreak their iPhones and even use ssh.
Technology skill level is not a factor - if all you have to do is follow a bunch of steps to get what you want (free apps, free pr0n, whatever), you'll find the number of people who do it suddenly rise.
Why do you think a lot of jailbroken iPhones have default passwords set? The people jailbreaking them just followed instructions of "Download program X, run this, click that, click that, then wait 10 minutes. When you're done, reboot your phone, tap this icon, tap this thing, type this, tap that, blah blah blah". And before you know it, they've installed openssh, ssh'd into their phone and done a bunch of things, to get whatever they needed, but also left their phone vulnerable.
Androids are no different. They may tell their friends that they got some new cool Android phone, and their friend tells them "hey, follow this link, it'll tell you how to get some great apps for free", and they'll just blindly follow the instructions.
It's even why all those people dismissing those trojans and botnets infecting Chinese alternative marketplaces as irrelevant are wrong. If those Chinese marketplaces are offering stuff people want (free apps - why pay for them?), you'll find people will do it. Even if you warn them "Don't ever use this app" or "that site contains nothing but viruses", you'll find them accessing it if some web page tells them to.
Anyone who's had to clean up their parent's PC or their kid's PC for the Nth time already knows this, and it seems if you put a block up, they'd find a way around it. (Not unlike the behavior of tech savvy people when they encounter a block). Sure they won't ask you why they can't access their favorite virus-installing pr0n site anymore, they'll ask their friends who'll give them a bunch of proxy servers and crap.
There is no solution, either - it's fundamentally a social problem. People jailbreak because they see some cool app not in the App Store. People install alternative marketplaces to get that 99 cent app for free.
No technological hurdle is too high if you have someone wanting something, and someone providing that thing they want. As long as someone somewhere has written a set of steps on how to do it, it will happen.
Even more annoying is these people will follow those steps to the letter while your steps and instructions are ignored.
Re:There is no solution (Score:2)
Re: (Score:1)
I've found that most of the people who download malware/virii on a regular basis are now quite adept at popping a Windows disk in the optical drive and "Pressing any key to boot from CD/DVD...", probably because they saw me do it so many times to the tune of $40 and some beer that they actually learned something.
Besides, reinstalling your OS
Re: (Score:2)
Re: (Score:1)
Was Steve Jobs right? Is a single, restrictive & tested, marketplace the way to go?
No. Malware can get into a single market just by businesses rather than "cybercriminals" http://www.readwriteweb.com/archives/dear_iphone_users_your_apps_are_spying_on_you.php [readwriteweb.com] And of course all platforms have had some sort of remote exploit http://news.cnet.com/8301-27080_3-10299378-245.html [cnet.com] Conclusion: a "single, restrictive & tested, marketplace" just provides a feeling of security, while giving up the user-freedom of installing any app. I prefer the freedom and am (so fa
Re: (Score:2)
As others have already said.. No. This involves using a 3rd party (non official) market, which requires you to set your phone to enable 3rd party downloads. You have to go through hoops to make this happen. It's possible that phones out there in China come like this, however it's quite possible your HiPhone4 isn't really an iPhone too...
I'm not aware of this happening on the official Android market, and in fact would be rather difficult. These guys are taking Market apps and repackaging them with the sp
Re: (Score:2)
The Android Market isn't anywhere remotely near the perfect walled garden of happiness and friendship as the App Store, yet I don't hear of viruses or trojans propagating through it either. In fact the review / moderation system quickly weeds the chalk from the cheese, and all without some magical checklist that may or may not allow an app to pass on any given day.
Re: (Score:2)
No, really? (Score:2)
This may change slightly once Amazon and others start putting up their own app stores with their own authorization process, but that's entirely different from installing som
PRC government? (Score:2)
Re: (Score:2)
I'd just delete PRC and call it "government complicity".
That something like this shows up in the PRC makes it easy to assume that CPC/PLA were involved, but how do we know some other country isn't doing what you might call "target area testing" with their own software that's designed to be deployed in the PRC or even elsewhere?
My sense is that PRC economy, especially the digital side of it, is probably "open" enough to allow other intelligence communities to operate with relative freedom. And if something
Obligatory (Score:2)
Build teleconference virus to call 1-900 number that charges $$$ per minute
Deploy to 150,000 devices
PROFIT!!
In communist China, expensive phone number calls you.
Re: (Score:2)
Re: (Score:2)
That or someone is looking for some particular piece of information, the target has a Symbian phone, and they have the resources to burn through the mass of target data (or the software on the compromised host does it for them.)
But... why? (Score:5, Insightful)
When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.
To what end? Does it record the call and then transfer the audio somewhere? or is there a whole army of hackers waiting to 'listen in' on the calls as they get conferenced to some central numbers. Oh, and what are these numbers and has anybody tried calling them?
Or does it just add costs to your call by turning it into a conference call? If so does one particular Telco benefit?
Re: (Score:2)
All that takes is a keylogger, I was wondering about the apparent desire to capture audio data.
Re: (Score:2)
Re: (Score:2)
Or they can just watch what number you are calling ...
Re: (Score:2)
That's true; only capture calls made to known bank customer service lines etc.. then just listen to them manually..
I for one... (Score:2)
This story definitely not sponsored by Apple (Score:2)
Re: (Score:1)
Manufacturer (Score:3)
Can someone explain to me why manufacturers of software are not liable for leaving gaping security holes in software they release and it's always turned towards the user. Oh the user shouldn't have done this, that and the other (yes people are stupid for downloading from unofficial sources) but the system shouldn't be so exploitable from the beginning.
No one learned from Windows all these years? What, too hard to create secure system? I guess it's more important to give the consumer a new shiny every 6 months than actually create a secure system that runs on the shiny new thing.
Re: (Score:2)
We tried making the systems idiot-proof, but people kept coming up with better idiots...
Re: (Score:1)
On the other hand, the secure system mindset works fine for corporate software development. They just have to ch
Re: (Score:1)
Security hasn't significantly improved during the history of personal computing because the average user wants features, not security. Did you choose your operating system based solely on security, compatibility with applications, or compatibility with the hardware you desired to purchase?
Re: (Score:2)
buy a symbian phone with symbian signed problems.
it's not hard to create a secure system, it's just hard to create a secure system and allow it to do things too.
The execution channel... (Score:2)
IOW, Echelon for Android? (Score:2)
Homeland Security is at it again, eh? Now they wanna conference in on every mobile call as it happens, so they can listen in real-time for those Seven Words (or something)?
Apple vs Franklin (Score:2)
It's better that you give up a few freedoms in the name of security so that you can get what you deserve..
AV like AVG protect against this? (Score:1)
How have people discovered this on their device? How have they removed it? Does any current AV on the main android market protect against or even detect these? I'm thinking of AVG, or is that no longer a reliable AV, I've personally not used AVG for a year or two.
Most comments here are worried about what exactly this one virus does. I'd think as IT types the focus should be what can be done about it. (let's assume that we will be exposed to it) How do we prevent negative results from that exposure.
Nothing to see here.. (Score:2)
According to NetQin, the cybercriminals usually install the spyware on the phone by sending an MMS containing the spyware to users to lure them to click.
In other words, moronic end users who click on anything are susceptible to exploits. News at 11. I'll start worrying the day they are actually able to produce zero user intervention Symbian malware, right now, in 2011.