Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Store-Aided Mobile Attacks

Posted by kdawson on from the so-simple-a-kiddie-could-do-it dept.

Trailrunner7 sends along a ThreatPost.com piece that begins "The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years. ... But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say. This particular attack vector — introducing malicious or Trojaned applications into mobile app stores — has the potential to become a very serious problem, researchers say. Tyler Shields, a security researcher at Veracode who developed a proof-of-concept spyware application for the BlackBerry earlier this year, said that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers. ... 'There are extremely technical approaches like the OS attacks, but that stuff is much harder to do,' Shields said. 'From the attacker's standpoint, it's too much effort when you can just drop something into the app store. It comes down to effort versus reward. The spyware Trojan approach will be the future of crime. Why spend time popping boxes when you can get the users to own the boxes themselves? If you couple that with custom Trojans and the research I've done, it's super scary.'"

2 of 186 comments (clear)

  1. iPhone Banker Trojan? by Graff · · Score: 5, Informative

    From the article:

    Banker Trojans targeting platforms such as the iPhone

    [citation needed]

    I poked around the internets a bit and only found a mention or two for iPhone trojans. These trojans were ONLY on jailbroken iPhones, not un-jailbroken ones that are using the iPhone App Store. As far as I know there have never been any "banker" trojans in the iPhone App Store.

    This article seems to be riding the coattails of the iPhone's popularity by throwing it in the mix with other platforms that have had "banker" trojans. If they have evidence of an iPhone App Store trojan I'd love for them to directly mention it rather than being vague and doing a lot of hand-waving.

    --
    Sapere aude!
  2. Clearly unfair to Apple by gig · · Score: 5, Insightful

    You can't tell me how wrong Apple is for having a closed store with strict app approvals and how other mobile makers will outdo Apple with their open stores and then wrote a malware-scare article about how app stores are too open and lump Apple in with everyone else. It's one or the other. Everyone else has Jas apps you can install from the Web and Apple has C apps you can't.

    Apple has an actual record here. They've been malware-free 100% for 2 years, 200,000 apps, over 1 billion downloads, with consumer users who don't know what malware is, doing 1-click installs.

    How you can write an article like this saying "app stores should be more closed" and not mention Apple's is closed is beyond me.

    And there has been no native malware on iPhone. Also bullshit.

    And although Apple may not strictly guarantee zero malware, they are actively policing every app. To pretend that's like having no cops, as on the other platforms, is ridiculous.

    Awful article. Just fucking awful. Do some fucking research!