FBI warns that Android phones are havens for malware
Source: BGR/Fortune
A division of the Federal Bureau of Investigation has issued a warning to smartphone users about mobile malware and device safety, specifically regarding the Android operating system. A report published late last week the Internet Crime Complaint Center revealed that it has been made aware of various malware attacks, such as Loozfon and FinFisher, that target Android smartphones. Each malware is different and can range from stealing a users address book to completely taking over the infected device. The agency notes that Loozfon and FinFisher are just two examples of active malware that are used by criminals and users should take precautions to protecting their devices.
When purchasing a smartphones users should know the features of the device and use protective features such as device encryption and antivirus software to guard personal data. When downloading and purchasing apps, the FBI advises that users not only read reviews but also understand the permissions, such as Geo-location, they are granting the apps. Geo-location is used in applications to track a users location mostly for marketing purposes, but it can also be used for malicious purposes such as cyber stalker or burglaries.
The agency recommends that for physical security smartphone owners should consider locking their devices with a pass code and only connect to trusted Wi-Fi networks. Lastly, smartphones should always be kept up-to-date and users should avoid jailbreaking or rooting their devices to avoid greater security concerns.
All in all, users should be using the same precautions on their mobile phone as they do on their computers.
Read more: http://news.yahoo.com/fbi-warns-android-phones-havens-malware-181958059.html
Indydem
(2,642 posts)The most terrible thing that ever happened to the world was apple!!!111!one
onehandle
(51,122 posts)Free me from being able to do 100% of what 99% of smartphone users want to do with thousands of percent less chance of being infected/hacked.
Heh...
Xithras
(16,191 posts)There will always be those who abuse it. Still, given the choice, I'd rather have my freedom and deal with the consequences. Keep your koolaid.
Bradical79
(4,490 posts)I don't see how the quality of a competitor's operating system relates to how ethical your company is.
Indydem
(2,642 posts)The "evil" is the closed vs. argument argument.
Google's Android is "open" which means the source code is readily available and modders and hackers are able to do more customizing of the software. This also means exploits can be located and used, and malware created. You can install android software from about anywhere and do not have to go through a centralized store.
Apple's iOS is "closed" or a "walled garden." All of the software is screened by Apple and verified of it's integrity before it goes intot he app store - the only place you can install software from.
This has absolutely nothing to do with the ethics of a company. If that were the case then Apple is one of the most ethical companies in the world, on several fronts.
Bradical79
(4,490 posts)I understand what you were saying now though. I'm a programmer, so yeah I do keep up with that stuff. Just this being a Democratic political site I was thinking as "evil" more in terms of things such as labor rights.
KamaAina
(78,249 posts)not only because Windows was (and is) ridiculously easy to exploit, but because the user base is much larger. So, malware writers, just like legitimate product developers, targeted the larger market.
onehandle
(51,122 posts)Backwards compatible with viruses, applications, trojans? check.
Willing to cut corners for market share? check.
No control over endpoints? check.
I think you have a good point.
Panasonic
(2,921 posts)I just bought Samsung Galaxy III S (16GB) for $200.
My father is swearing up and down that Samsung was selling them for $100, but can't find it.
My carrier is Sprint.
mwooldri
(10,303 posts)... which co-incidentally Sprint were doing for $100 - Radio Shack had 'em for $75 on Sprint's network.
MuseRider
(34,111 posts)like anyone with any sense would. Join a forum and get recomendations on progams to protect it. Easy peasy. I have both Mac and Android systems. I hate Macs but they do work well. I LOVE my Androids and they work every bit as well AND they play well with others who also play well with others.
unc70
(6,115 posts)I have been in the industry for well over 40 years. I'm an expert in networking, security, hardening systems, and a lot more. I have few illusions about security on any system, know most of them well. (personal respect goes to OpenVMS).
Android is a mess, probably beyond help.
frylock
(34,825 posts)unc70
(6,115 posts)You don't have to click on anything, nor download anything, nor go to a known bad site.
Posteritatis
(18,807 posts)sharp_stick
(14,400 posts)Any news is considered Latest Breaking huh?
Posteritatis
(18,807 posts)onehandle
(51,122 posts)Blue State Bandit
(2,122 posts)Indydem
(2,642 posts)That's fine on a plugged in WinPC or a laptop with a battery the size of a brick, but on a smartphone?
No wonder my friend's android battery never made it to noon.
barbtries
(28,798 posts)i can not figure out how the hell to use it. so frustrated.
Lucy Fer
(11 posts)Google needs to improve customers' privacy.
onehandle
(51,122 posts)FredisDead
(392 posts)android phone outsells the iPhone 4 to 1 worldwide, and no Chinese workers are complaining to Google about the harsh working conditions at Foxconn.
onehandle
(51,122 posts)The difference is that Apple is making hundreds of billions in profit. Google has lost 20 billion on Android.
FredisDead
(392 posts)Where do you come up with this nonsense?
Art_from_Ark
(27,247 posts)but there are apparently no publicly released figures about how much they are losing.
http://www.pcmag.com/article2/0,2817,2403972,00.asp
onehandle
(51,122 posts)Android is a loss leader. They are basically giving away devices to attempt to keep up with Apple.
20 billion isn't much to Google, and certainly not to Apple.
boppers
(16,588 posts)Wow. You should totally read up on how this market works.
Hint: Foxconn clients: http://en.wikipedia.org/wiki/Foxconn#Major_customers
FredisDead
(392 posts)boppers
(16,588 posts)I assume you are responding on a computer. Therefore, you are supporting FoxConn.
I could be wrong, of course, you could be typing with ink and mailing your responses to somebody else who uses a FoxConn machine to enter it... but I doubt that.
Bradical79
(4,490 posts)Google bought Motorola Mobility earlier this year and Motorola Mobility uses Foxconn.
defacto7
(13,485 posts)Everything listed on that post is applicable to all smart phones. No smart phone is immune including Apple/MS. ALL smart phones are vulnerable. It's the nature of computer marketing vs. technological stability of both hardware and software.
I very much dislike propaganda that muddies the facts to make a buck. It this really LBN?
Any computing device that has the ability to be 'open' also runs the risk of more malware and viruses.
Yet, Apple is not immune to security issues either even though it is a walled-garden approach.
NASA has no problem using Android based phones for mission critical applications so really how much of a concern is this outside of the idiot American who should only use a device up to his or her educational level and expertise?
And guess which phone is used by the Pentagon? Yup, a modified Dell phone with a custom Android rom.
This IS propaganda disguised as news. Sadly, isn't most of the 'news' today that way?!
boppers
(16,588 posts)iOS makes it harder to pile crap on it.
TM99
(8,352 posts)True, and iOS still has crap. It is just controlled more closely by Apple, and they make sure to get their 30% cut on that crap.
defacto7
(13,485 posts)I call it protecting your product from being owned by the owner. Old story.
The OS is relatively insignificant. iOS/Unix/Linux basically the same thing. MS, is it's own mistake... plus a hidden unix shell !!!
The "crap" is the fault of the manufacturers of all these devices. The "pile" is the stuff made by people who take advantage of the "crap" made by the manufacturers.
The "hole" is the hardware, all of it, and no manufacturer is safer than another. But no one wants to talk about that.
Smart phones are easy targets period. Whether they are hacked from within or hacked from the outside the data is vulnerable.
If people want to play with these toys, they need to know what they should and should not do with them. The manufacturers will not help you beyond their stake in the profit... and that may include letting them own what you paid for.
Ironic... Sounds like right wing politics.
boppers
(16,588 posts)It's also why i386 family products were so lame and easily exploited.
Oh, and I'm not sure where you get the idea MS has a "hidden unix shell". cmd.exe is a long, long ways away from a unix shell.
As far as smart phones being "easy targets", it's not the hardware that's the target, it's the users. Owning a computing device is fairly easy, the harder part is owning the human using the device.
defacto7
(13,485 posts)You have to know how to access it and you won't find a "howto" it in the user manual.
I'll go along with part of your argument, I just don't think its complete. First, it is the hardware that makes the system a system. If you want the user, you target the programming and that's usually enough. If the programming is stealthy you target the holes in the hardware or the data on route. The hardware is manipulatable if you know how to access it. But your last statement may be making my point. I don't wish to own anyone and I sure don't want to be owned. But it also means I don't wish to be lead blindly. I think many people have no idea that are being lead blind. It's better that people learn to use their heads, not be a slave to a company, a brand, a system that use them and bilk them. But until people really want to be better than they are, they are still going to keep walking over that cliff.
boppers
(16,588 posts)I have never heard of this "unix shell" and am curious. Do you mean the interface to the VMS kernel subsystem (a result of NT (and all future kernels) being a VMS hybrid)?
As far as the better hardware design, Apple, for many years (along with Sun, IBM, etc.), used hardware packages that were much, much harder to exploit, by design. The Wintel line needed backwards compatibility, as a business model. This meant (and still means) that backwards compatibility with malware was preserved.... so a virus written for MSDOS worked quite well for 20+ years, while a SunOS/Solaris virus only had a lifecycle of a few months to a few years, a MacOS virus had a lifecycle about the same.
Fair warning: I've actually written MacOS malware detection software, Wintel detection software, etc. I am not a fanboy.
defacto7
(13,485 posts)Ha... you've got to be kidding?
Now that's a little funny. And Fanboy? Jeess.
Anyone who comes up with cmd.exe as an answer, well... speaks for itself.
What the hell are you talking about? MacOS virus? Sounds like your selling something or your defending a fight I wasn't fighting, otherwise MacOS really has hit the waste bin.
I have nothing to prove, but you do seem to need to prove yourself. I'm not biting so no warning required.
Oh well... Enjoy beating your chest. And be well !
boppers
(16,588 posts)Thanks.
frylock
(34,825 posts)frylock
(34,825 posts)that's really how the title should read. let's take a look at loozfon, for instance:
Security researchers from Symantec have detected a new Android trojan currently circulating in the wild, attempting to socially engineer Japanese female users into downloading and executing the application on their mobile device.
What's particularly interesting about this Android malware, is that it also has a built-in spreading capability, namely, it sends spam stating that the sender can introduce the recipient to wealthy men. When users click on any of the links found in the emails, they're prompted to download a copy of the malware.
http://www.zdnet.com/loozfon-android-malware-targets-japanese-female-users-7000003236/
finfisher is also installed on the device by, you guessed it, users clicking a link within an email. this is just common sense, folks. don't click links in emails and don't install unnecessary apps, particularly from untrusted sources.
MrsBrady
(4,187 posts)If you don't click on sh*& when you don't know who or what it is, then
you usually won't have a problem.
Hutzpa
(11,461 posts)yet they complain. Even if the law is changed, morons are still going to be morons. They make life just that much difficult for everyone else by being stupid.
Morons always wants to be part of a trend with no knowledge of how the product works, but since John and Jane Doe are using one it means they can use one also.
GeorgeGist
(25,321 posts)they also vote.
mwooldri
(10,303 posts)Add people who can be slightly dangerous with a computer onto an Android device - yep there's a recipe for disaster. Plus Android is a popular mobile operating system.
But this is not Windows for the 21st Century as someone up-thread pointed out. Unlike Windows, Android *is* open. You can get the source code. Android is more related to Linux than Windows. Also Android anti-malware software generally only runs when an application is being installed.
LTR
(13,227 posts)And Android itself is open source, though there are some Android-derived OS's like MIUI that are proprietary. Plus, some companies like Samsung and HTC have their own interface overlays added to their phones.
defacto7
(13,485 posts)mwooldri
(10,303 posts)The Android kernel is a fork off the official Linux kernel, but at the application level they don't have much in common at all. It would take a fair bit of work to get a Linux app to work in Android and vice versa.
lib2DaBone
(8,124 posts)They are the ones doing the spying......
LTR
(13,227 posts)I'm an Android user, running a rooted phone with a custom CyanogenMod-derived ROM. It originated on the XDA forum, and those people really rip these things apart in the building and testing processes. I haven't had any serious issues in regard to malware, Trojans, etc.
What any smartphone user should be concerned about are questionable apps that ask for strange permissions, or do unauthorized things with them. For example, games really don't need access to your contacts list. Check the comments on Google Play or the Apple App Store.
And download apps from reputable sources that do their best to weed out malicious apps. They don't always get them at first, but they do act quickly.
MuseRider
(34,111 posts)I have been using Androids since the first Motorola Droid. I am a stupid user, don't know much but I do know to protect my stuff. This is rubbish news as even I have been able to avoid problems.
alp227
(32,026 posts)And what I do is configure my droid so that it does not accept apps outside the Google Play service. And of course avoid clicking on suspicious links whether thru email or BBS etc.
Tabasco_Dave
(1,259 posts)I don't have to worry about this shit.
IDemo
(16,926 posts)No camera, no internet, no apps, no problem!
Comrade_McKenzie
(2,526 posts)onehandle
(51,122 posts)hexola
(4,835 posts)I just don't see how this is possible...how can such an agency make comment about the functionality of one product?
Who do you think is thanking the FBI - Android or Apple?
onehandle
(51,122 posts)Android is clearly the new Windows.