Got an Android? Be Wary

Started by Rik, Aug 11, 2010, 18:11:28


Rik

El Reg reports that:

Quote: The first text message-based Trojan to infect smartphones running Google's Android operating system has been detected in the wild.

Trojan-SMS.AndroidOS.FakePlayer-A poses as a harmless media player application and has already infected a number of mobile devices, Russian security firm Kaspersky Lab warns. Prospective marks are prompted to install a "media player file" of just over 13 KB with the standard Android .APK extension.

Once installed, the Trojan begins sending SMS messages to premium-rate numbers without the owner's knowledge or consent, as explained in a technical write-up by computer security researcher Jon Oberheide here. Victims wind up with a huge bill while the cybercrooks behind the scheme earn a slice of the income. The scam has only affected Android smartphone users in Russia.

In a statement, Google said its existing permission controls guard against this type of scam, which only exists for applications published outside the Android Marketplace.

I suppose it was inevitable.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

I wonder if a user can legally be held liable for huge bills, if their phone has been infected, and is sending data without their knowledge?  I'm sure the networks monitor traffic to some degree, so should be able to spot if a phone is suddenly sending out unusually high amounts of data, shouldn't they?
Simon.
--

Rik

They should, but they'd blame the user for getting infected.
Rik
--------------------


Simon

So, the user should then blame Android / Google for the hole in the system.  Good luck!  :)
Simon.
--

Rik

Google's response:

Quote: In a statement, Google said its existing permission controls guard against this type of scam, which only exists for applications published outside the Android Marketplace.

    Our application permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.

    We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market.

ibid.
Rik
--------------------


Simon

I knew they'd get out of it. 
Simon.
--

Rik

 ;D

Would you expect anything less?
Rik
--------------------


Glenn

To install an APK file that is not in the market place, it has to be done manually. It involves quite a few steps, so the average user may not know how to install it.
Glenn
--------------------


Niall

Ironically my mate has just bought a new mobile for the first time in about 6 years today, and it's an android phone. He's so pleased to hear this news ;D
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Simon

Seems he'll be OK as long as he sticks to the Android apps store.  Of course, that's what they want you to do anyway.  Makes you think, perhaps?  :whistle:
Simon.
--

Technical Ben

I said it before and I will say it again. Why not lock the tools out in the sandbox? If it's a media player, it does not need to send messages, and only needs read access to the memory card. So, a pop up for every message sent by a program would soon stop it, as you notice it wants to send 10 messages to 08005318008. My LG does this, and it's 3 years old...
I used to have a signature, then it all changed to chip and pin.
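
Added example, not part of any post in this thread: the "a media player does not need to send messages" check discussed above, written as a pre-install audit over the permission lines that `aapt dump permissions` prints for an APK. The per-category baseline (`EXPECTED`), the category name and the sample output are assumptions constructed for illustration.

```python
import re

# Real Android permission names that can run up a bill for the user.
COST_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
}

# Hypothetical least-privilege baseline per app category (an assumption
# for this example, not something Android or the Market defines).
EXPECTED = {
    "media_player": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WAKE_LOCK",
    },
}

# Accepts both aapt output styles:
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?"
)

def parse_permissions(aapt_output):
    """Return the set of permissions declared in aapt's text output."""
    perms = set()
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def audit(category, aapt_output):
    """Flag permissions outside the category baseline; unknown categories get an empty baseline."""
    requested = parse_permissions(aapt_output)
    unexpected = requested - EXPECTED.get(category, set())
    return {
        "unexpected": sorted(unexpected),
        "cost_incurring": sorted(unexpected & COST_PERMISSIONS),
    }

# Constructed sample: what a fake "media player" that sends SMS might declare.
SAMPLE = """package: org.example.fakeplayer
uses-permission: android.permission.SEND_SMS
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    print(audit("media_player", SAMPLE))
```

Anything listed under `cost_incurring` is the line on the install-time permission screen that deserves a second look before approving.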