Exploits Propagated Via Social Media Increase
Orome1 writes "Infection via email, traditionally the most popular vector for spreading malware, has declined in favor of greater use of social media. These include clickjacking attacks using the Facebook 'Like' button, fake Web pages positioned on search engines (BlackHat SEO), and zero-day vulnerability exploits. The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices. A number of different threats have appeared, primarily aimed at racking up phone bills or using the geolocalization function to transmit a user's position to a third party."
And here I am with an Android phone that's running 1.5 because the vendor refuses to release any more updates for this 1-year-old model of phone.
Oh, wait, that's right, I already rooted and upgraded to 2.2. Never mind.
yet it likes to bounce around to
"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."
Then to
There has also been a great deal of commotion around two serious zero-day flaws in Microsoft OS code, one of which was exploited to attack SCADA systems (specifically, in nuclear power stations).
This article really has nothing to say about the rise of use of social media as a vector, other than mentioning the recent Twitter exploits--in the last paragraph. Why did this article make it to the front page again?
AccountKiller
And actually using an Android phone says otherwise. Just install a simple app like "Text Edit" by Paul Mach - easy to find on the market. Before installing, hit the menu softkey, then the security icon that pops up. It will say "No permissions required."
Use it, save a file. Where does the file end up? On your SD card. How did it do that?
Now go to the homescreen, hit menu, applications, manage applications, text edit. Scroll down and what do we see under permissions? "modify/delete SD card contents" and "read phone state and identity". Permissions you were NOT warned about during the install.
This isn't Paul Mach's fault. I just used his app as an example. This is Google's fault and they need to fix Android security!
People with nefarious goals target massively popular services with shitty security and largely uninformed users. Film at 11.
Yet, the application must have requested WRITE_EXTERNAL_STORAGE in its Manifest.xml. If Market didn't tell you about it, that's a Market issue.
All applications can READ from the external storage, which is considered public. Private data, OTOH, is required to be stored on the internal storage. This is specifically mentioned in the Developer Guide. If an app is storing private data on the external storage, then you need to tell the author that he or she is stupid. You can, of course, always remove files from the public storage by mounting the SD card on a PC.
My blog
Market and Android are one and the same. You can argue all day about how the documentation says this, and the AOSP code doesn't contain that, but at the end of the day, any Android device worth using has the Market app on it. People install apps through the market and have no idea that (#1) apps like "Text Edit" that didn't even ask for SD card permissions might save their documents on the SD card, and (#2) that any app that requests internet access will be able to upload those documents along with your phone number and ESN out to some sleazy server on the internet.
The expected behavior would be that an app that doesn't request SD card writing can't save to the SD card, and that an app that doesn't request permission to read your phone's identity won't know it.
Google has failed us. I love my Android phone, and I hope Google fixes this problem.
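Added example, not part of any comment in this thread: Android's compatibility rule implicitly grants WRITE_EXTERNAL_STORAGE and READ_PHONE_STATE to apps whose targetSdkVersion is below 4 (Android 1.6), which is one way an app can hold the two permissions discussed above without declaring them. The manifests are constructed, the function name `audit_manifest` is hypothetical, the input is assumed to be an already decoded text manifest, and whether this rule explains the specific app named above is not established on this page.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
DONUT = 4  # API level 4 = Android 1.6, which introduced both permissions

# Permissions the platform adds on its own when an app targets an API
# level older than the one that introduced the permission.
IMPLICIT_BELOW = {
    "android.permission.WRITE_EXTERNAL_STORAGE": DONUT,
    "android.permission.READ_PHONE_STATE": DONUT,
}

def _attr(elem, name):
    """Read an android:-namespaced attribute, tolerating a missing element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}") if elem is not None else None

def audit_manifest(manifest_xml):
    """Return declared, implicit and effective permissions for a manifest."""
    root = ET.fromstring(manifest_xml)
    declared = {_attr(e, "name") for e in root.findall("uses-permission")}
    declared.discard(None)
    sdk = root.find("uses-sdk")
    # Assumes numeric API levels; minSdkVersion defaults to 1 and
    # targetSdkVersion defaults to minSdkVersion.
    min_sdk = int(_attr(sdk, "minSdkVersion") or 1)
    target_sdk = int(_attr(sdk, "targetSdkVersion") or min_sdk)
    implicit = {p for p, level in IMPLICIT_BELOW.items()
                if target_sdk < level and p not in declared}
    return {"target_sdk": target_sdk,
            "declared": sorted(declared),
            "implicit": sorted(implicit),
            "effective": sorted(declared | implicit)}

# Constructed sample: no <uses-sdk>, no <uses-permission> at all.
LEGACY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacyeditor"><application/></manifest>"""

# Constructed sample: targets API 8 (Android 2.2) and declares INTERNET only.
MODERN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.moderneditor">
  <uses-sdk android:minSdkVersion="4" android:targetSdkVersion="8"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/></manifest>"""

if __name__ == "__main__":
    for label, xml in (("legacy", LEGACY_MANIFEST), ("modern", MODERN_MANIFEST)):
        print(label, audit_manifest(xml))
```

An auditor would compare the `implicit` list against what the installer displayed: any entry there is a permission the app holds without having requested it in its manifest.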
"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."
In other news, the rise in people having unprotected sex resulted in a rise in pregnancies.
And a rise in the number of boaters has increased the number of boating accidents.
In true Slashdot fashion, I haven't RTFA. However, I see a number of people saying the article mentions attacks targeted at social media, Android phones, and Microsoft. As I don't use any of these, I would like to tell the hackers: Great! Keep up the good work.
I say no way! Nobody could be pirating my clicks. /drools and goes back to raising virtual pigs and sending virtual gifts to virtually unknown "friends."
As of posting I see 21 comments for this story, ~5 hours after its initial posting. Conclusion: Nobody cares and/or nobody empathizes with those affected by said malicious exploits propagated via social media.
Hell, if anything, I call it digital natural selection. Taking out the weak and ignorant one Like at a time.
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF