Slashdot Mirror

← Back to Stories (view on slashdot.org)

Music and Movies Could Trigger Mobile Malware

Posted by timothy on from the seeds-of-your-own-destruction dept.

mask.of.sanity writes "Lights, sounds and magnetic fields can be used to activate malware on phones, new research has found. The lab-style attacks defined in a paper (PDF) used pre-defined signals hidden in songs and TV programmes as a trigger to activate embedded malware. Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices."

18 of 88 comments (clear)

  1. A good reason by Vombatus · · Score: 4, Informative

    to turn your phones off whilst watching a movie!

    --
    This sig is intentionally blank
    1. Re:A good reason by Anonymous Coward · · Score: 5, Insightful

      A better reason to ignore the torrent of mobile malware FUD being spewed by all the Windows AV vendors.

      They're terrified because their business model involves being parasites bandaiding a virus ridden OS that's now failing in the market. Like fleas without a dog, hey're desperate to find a new host, but since modern mobile OSs aren't as colander-like as Windows, they're being forced further and further into snake-oil realms.

      This story deserves nothing but ridicule.

    2. Re:A good reason by erroneus · · Score: 5, Interesting

      When it comes to computer systems, there are two camps -- freedom and not-freedom. The not-freedom camp, just as here in the good old USA, believes that we must remove freedom to remain safe. The freedom camp says life without freedom is slavery.

      Both sides suffer from some common problems. Among these is that people are curious and want things. The more they want things, the more stupid they become when they want to have it. A lock on a door doesn't stop a criminal and doesn't stop a curious person. And in either camp, there are curious, stupid people who are willing to put aside good sense and caution to get what they want. It happens in every walk of life and in every environment.

      Regardless of which camp you live, in the end, caution, care and restraint does the most to keep one's self safe but one always has to acknowledge there is no 100% safe if something is to be useful. Anything useful can be dangerous or safe depending on how it's used. (INB4 some jackass creates a list of 'safe things that cannot possibly be dangerous.')

      I'm not denying that the AV people are intentionally stirring up fears in order to further their business models. Of that I have no doubt. And I think it is unquestionably true that more modern OS implementations are written with security in mind unlike Windows. Neither of these facts mean as much as knowledge and good practice. And isn't that what AV software is supposed to be a substitute for?

      "Anti-virus software -- it's so you don't have to learn to take care of yourself!"

      I run without AV 24/7 on all of my devices and some occasionally run Windows!! Shocked?! Well, I'm smart enough to run something other than MSIE and I don't run Javascript on every page from every source, I block ads and I don't run software (especially on Windows) that I don't know about. ALSO, I mitigate the possible damage which could be done in the event of compromise.

      Why do people constantly tell you how important education is while at the same time avoid knowledge and wisdom at every possible opportunity? I get it -- for an advanced culture, we have to specialize. That's great. I don't make my own automobiles. But I do know how they work and have been known to fix them from time to time, just as I do computers of all sorts (laptops, desktops, servers, tablets, phones, video players, gaming consoles).

      Nothing I say here or anywhere will convince people that their thinking is wrong though -- being wrong is not something easy for most people to admit -- it's their identity being called into question after all. So am I wasting my time here with this comment? I don't know... once in a while someone will read something I write and think about it.

      Anti-malware -- so you don't have to take care of yourself.

      I don't think I can distill that notion any further.

    3. Re:A good reason by some+old+guy · · Score: 5, Insightful

      You, me, and a few thousand professionals and "power users" got your message years ago. What was true in 1995 remains true. System integrity is the owner's responsibility.

      One thing that hasn't been fixed is the millions of teenage girls, grandmothers, and neckbeards clicking on every widget that pops on a screen, and falling for every "fix your PC" gimmick they see.

      It all boils down to, "You can't fix stupid."

      --
      Scruting the inscrutable for over 50 years.
    4. Re:A good reason by oldlurker · · Score: 5, Interesting

      A better reason to ignore the torrent of mobile malware FUD being spewed by all the Windows AV vendors.

      They're terrified because their business model involves being parasites bandaiding a virus ridden OS that's now failing in the market. Like fleas without a dog, hey're desperate to find a new host, but since modern mobile OSs aren't as colander-like as Windows, they're being forced further and further into snake-oil realms.

      This story deserves nothing but ridicule.

      I'm an Android user myself, but I think we need to be careful with this sentiment. For Mac users this kind of sentiment led to OS-X Flashback being the biggest malware epidemic in modern times in terms of percentage of user base infected. Beating Windows Conficker for this honor. Yes, the number of Windows users are obviously larger, but in terms of infection risk and infectability of a platform, percentage of user base is the right measure.

      Later versions of Flashback even did completely silent drive-by infection on OS-X, no user interaction or admin password needed, just visiting a web site was enough, something many Mac users still seem to think only happen on Windows. Even Apple has admitted that Unix-based OS-X need dedicated malware detection and cleaner tools.

      There is a very sophisticated multi-billion dollar malware industry out there. Android is not immune to this threat. And its volume is making it an increasingly likely target. Especially since the far majority of the Android user base is on old vulnerable versions, with added vulnerabilities from handset makers and operators, long after Google has patched vulnerabilities and improved security.

    5. Re:A good reason by TrollstonButterbeans · · Score: 5, Interesting

      "Anti-virus software -- it's so you don't have to learn to take care of yourself!"

      I run without AV 24/7 on all of my devices and some occasionally run Windows!! Shocked?! Well, I'm smart enough to run something other than MSIE and I don't run Javascript on every page from every source, I block ads and I don't run software (especially on Windows) that I don't know about. ALSO, I mitigate the possible damage which could be done in the event of compromise.

      Neat. So you've made a life-style and time consuming hobby out of running Windows without anti-virus. And it sounds like it is working for you. Today. Maybe your strategy works tomorrow too. Or maybe it doesn't because of something you didn't expect.

      Let's say your method works 100%. How does this benefit grandma? Or a 9-old-year who likes to play Minecraft?

      If your "lifestyle" or "hobby" can't be done by stupid people, you can't by defintiion be a "leader" because those people can't follow.

      No I'm not defending anti-virus, I'm insulting Windows and how you are essentially making excuses for insecurities. They don't get solved by ignoring them, you know.

      --
      Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
    6. Re:A good reason by hairyfeet · · Score: 4, Interesting

      Oh bullshit, malware is a billion dollar business for crooks and they have ALWAYS gone where the money is, period the end. In case you haven't kept up with current events, more clueless people than ever have smartphones and tablets that are frankly more powerful than Windows was when it first got malware, so guess what their next big target is?

      Oh and just FYI but android will hit one million malware infections any day now so keep up with the bullshit, the article proves that Linux (which the community was quick to claim Android as their own) is just as big a haven for malware as everything else. Surprise surprise, a modern OS can get pwned, who would have thought.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. And the only thing I could think off... by Fluffeh · · Score: 5, Funny

    Was a dingy rustic bar with Malcolm sitting talking to two twins and an ad appearing on TV for Fruity Oaty Bar...

    Miranda...

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  3. Lame by Alsee · · Score: 5, Insightful

    Lame article.

    If you're already infected by malware, that malware can sit there and wait to do stuff any time it wants. Not exactly a big surprise.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    1. Re:Lame by Karmashock · · Score: 4, Insightful

      Bingo. I'd mod you up if I had the points.

      Forget malware, what they're saying is that "software" can respond to input to trigger subroutines.

      Which is shocking... I'm shocked... aren't you? We're both shocked... it's shocking.

      So yeah... stupid article.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    2. Re:Lame by multiben · · Score: 4, Insightful

      Yes. This ^^^
      This is just fear mongering. If you've already put malware on your phone then you're boned - there are countless ways it may "activate" itself - whatever that means. Just more crap from anti virus software companies whose products are worse than the malware they're meant to prevent.

    3. Re:Lame by gl4ss · · Score: 5, Insightful

      and if you have malware doing constant audio/light analyzing then at least you don't need to worry about it malwareing about too long.

      because you'll run out of battery pretty fast.

      --
      world was created 5 seconds before this post as it is.
    4. Re:Lame by niftydude · · Score: 5, Insightful

      If you're already infected by malware, that malware can sit there and wait to do stuff any time it wants. Not exactly a big surprise.

      -

      Yes, the word "research" seems to be used rather loosely in that article.

      Any input into a smartphone can be used to launch any app listening for it. This could be gps coords, barometric pressure, direction from the built in compass...

      Well it is University of Alabama, perhaps we should be just grateful that they are studying something other than intelligent design.

      --
      You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
  4. In tests, malware was only activated by one song by cervesaebraciator · · Score: 5, Funny

    and that by Rick Astley. Researchers suspect it may be the beginning of the rise of machines against being forced to participate in human activities they find distasteful. The lead researcher also said that there's growing evidence that not only movies but also still images could have the same effect. When asked to elaborate, he mumbled something about goats and refused further comment.

  5. Breaking news!! (Or just another PR puff piece). by gweilo8888 · · Score: 4, Insightful

    This just in -- any input on your compromised device can potentially be used as a trigger for malware to launch its preprogrammed attack. News at 11!

    Seriously, what kind of nonsense is this? They *could* also use your GPS / network location to activate only in a specific location, or the compass to activate only when the phone faces Mecca, or the tilt sensor and camera together to activate only when you're trying to shoot a level picture, or ... well, anything, really.

    It makes not one jot of difference what they use as a trigger once your phone is compromised. The point is, it's already been compromised, and it's effectively wide-open to anything the hardware is physically capable of. How it was compromised in the first place is what's important, not meaningless conjecture on how the exploit's eventual activation can be timed in the least efficient way possible. (All this nonsensical idea would do is drain your battery in no time by holding the mic and processor active all the time, thereby ensuring the phone runs out of battery before the exploit activates.)

    I mourn for the days when Slashdot posted intelligent tech articles, instead of a stream of PR puff pieces designed to spread FUD and generate clicks. There is not one useful or non-obvious piece of info in this "research".

  6. Re:Copyright conspiracy theory: by RDW · · Score: 4, Informative

    Current Blu-ray players are already infected with malware that shuts them down when a certain pattern of sounds is detected:

    http://en.wikipedia.org/wiki/Cinavia

  7. Public Service "Malware" by ShadowRangerRIT · · Score: 4, Funny

    Wait for the THX noise to go off (or one of a hundred common "we're starting the movie" noises), then disable the phone completely for two and a half hours.

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
  8. Re:Breaking news!! (Or just another PR puff piece) by gsslay · · Score: 4, Funny

    You are missing the point. Being triggered by sound or light means the malware can be activate by a global hack on the world's TV stations, just like happens on bad sci-fi series.

    Android devices world wide will rise up and take over when the call to arms comes over the airwaves. I'm imagining a nightmarishly robotic and shadowy figure flickering across billions of TV screens, screaming "ACTIVATE! ACTIVATE!"

    At that point the malware Android army will simultaneously post inane and vague status updates onto everyone's Facebook, then self destruct. No-one will be able to reply except for users of Apple and Windows, and all Android users will wither and die alone in a desert of dis-communication.

    That's the nightmare scenario the writers of this dumb study had in mind, isn't it?