Slashdot Mirror


App Store-Aided Mobile Attacks

Trailrunner7 sends along a ThreatPost.com piece that begins "The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years. ... But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say. This particular attack vector — introducing malicious or Trojaned applications into mobile app stores — has the potential to become a very serious problem, researchers say. Tyler Shields, a security researcher at Veracode who developed a proof-of-concept spyware application for the BlackBerry earlier this year, said that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers. ... 'There are extremely technical approaches like the OS attacks, but that stuff is much harder to do,' Shields said. 'From the attacker's standpoint, it's too much effort when you can just drop something into the app store. It comes down to effort versus reward. The spyware Trojan approach will be the future of crime. Why spend time popping boxes when you can get the users to own the boxes themselves? If you couple that with custom Trojans and the research I've done, it's super scary.'"

4 of 186 comments

  1. Re:This is why Android could take over the market. by Culture20 · Score: 2, Funny

    Sounds like what you want is Gentoo: phone edition. Plug in your phone, type emerge --sync && emerge phone-image on the PC, wait overnight while the image compiles, then dd onto /dev/phone. If it crashes, do another emerge --sync and see if emerge phone-image compiles something new, then dd that. Call^W Email work and tell them you'll be late because you're compiling your phone OS again. They'll understand.

  2. Re:That was a close call by Techman83 · Score: 2, Funny

    "does it crash? does it look like it does what it says?"

    Guess that's why Flash is denied.

    --
    # cat /dev/mem | strings | grep -i cat
    Damn, my RAM is full of cats. MEOW!!

  3. Re:I like the yum "app store" by Anonymous Coward · Score: 4, Funny

    companies have been obfuscating the hell out of source code for a while now

    I believe it's called outsourcing.

  4. Re:I like the yum "app store" by tsm_sf · Score: 3, Funny

    Since Apple has an apparently arduous approval process for their app store, I'm assuming that they guarantee everything against this sort of foolishness. I didn't bother to read the 92 page EULA that went along with it, but they're an honorable company, right?

    --
    Literalism isn't a form of humor, it's you being irritating.