Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Store-Aided Mobile Attacks

Posted by kdawson on from the so-simple-a-kiddie-could-do-it dept.

Trailrunner7 sends along a ThreatPost.com piece that begins "The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years. ... But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say. This particular attack vector — introducing malicious or Trojaned applications into mobile app stores — has the potential to become a very serious problem, researchers say. Tyler Shields, a security researcher at Veracode who developed a proof-of-concept spyware application for the BlackBerry earlier this year, said that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers. ... 'There are extremely technical approaches like the OS attacks, but that stuff is much harder to do,' Shields said. 'From the attacker's standpoint, it's too much effort when you can just drop something into the app store. It comes down to effort versus reward. The spyware Trojan approach will be the future of crime. Why spend time popping boxes when you can get the users to own the boxes themselves? If you couple that with custom Trojans and the research I've done, it's super scary.'"

3 of 186 comments (clear)

  1. Re:That was a close call by Cryacin · · Score: 0, Troll

    You missed "will it displease the all knowing, all mighty overlord and ruler of the universe, Grand Poobah Steve Jobs."

    That one's important.

    --
    Science advances one funeral at a time- Max Planck
  2. Re:Open Store, Open Door... by QuantumG · · Score: 0, Troll

    I was talking about linux distro repositories. I expect Apple can't do anything (right).

    --
    How we know is more important than what we know.
  3. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0, Troll

    There is no difference between jailbreaking and placing a world writable anonymous FTP directory on a machine with a root account with no password onto the Internet. Both just attract blackhats, and allow them to use the item as a staging point for attacks. For good measure, perhaps a bash shell hanging off the telnet port.

    Jailbreaking is something that should bring criminal charges. It puts vital communication systems in jeopardy, allows malware authors easy access, and violates IP laws.