Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Store-Aided Mobile Attacks

Posted by kdawson on from the so-simple-a-kiddie-could-do-it dept.

Trailrunner7 sends along a ThreatPost.com piece that begins "The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years. ... But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say. This particular attack vector — introducing malicious or Trojaned applications into mobile app stores — has the potential to become a very serious problem, researchers say. Tyler Shields, a security researcher at Veracode who developed a proof-of-concept spyware application for the BlackBerry earlier this year, said that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers. ... 'There are extremely technical approaches like the OS attacks, but that stuff is much harder to do,' Shields said. 'From the attacker's standpoint, it's too much effort when you can just drop something into the app store. It comes down to effort versus reward. The spyware Trojan approach will be the future of crime. Why spend time popping boxes when you can get the users to own the boxes themselves? If you couple that with custom Trojans and the research I've done, it's super scary.'"

2 of 186 comments (clear)

  1. iPhone Banker Trojan? by Graff · · Score: 5, Informative

    From the article:

    Banker Trojans targeting platforms such as the iPhone

    [citation needed]

    I poked around the internets a bit and only found a mention or two for iPhone trojans. These trojans were ONLY on jailbroken iPhones, not un-jailbroken ones that are using the iPhone App Store. As far as I know there have never been any "banker" trojans in the iPhone App Store.

    This article seems to be riding the coattails of the iPhone's popularity by throwing it in the mix with other platforms that have had "banker" trojans. If they have evidence of an iPhone App Store trojan I'd love for them to directly mention it rather than being vague and doing a lot of hand-waving.

    --
    Sapere aude!
  2. On blackberry? Not so much by Jeffrey+Baker · · Score: 4, Informative

    Any app on the blackberry requires user intervention before it's allowed to fetch URLs, open raw sockets, read email, dial the phone, get your location, manipulate the address book, or do any other damned thing. And 90% of the APIs require the developer to be vetted through the app signing process. It actually seems much less vulnerable to trojans and spyware than a PC.