Mobile, Vulnerability

“Almost Every Android Device Is Malware Infected” says BT

Jill Knesek, head of the global security practice at British Telecom (BT) said at the NetEvents Americas some comments which we hardly believe.

She said:

We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware. Almost every device is compromised with some kind of malware, although often it’s not clear if that code is active or what it is doing

Which is a little hard to believe, and really pushes what BT’s idea of “malware” is, and where this metric has come from (if anywhere). It’s also good to know that Google and BT don’t have a good relationship, so it could just be chatter.

There is no word of where these 1,000 Android apps have come from, whether they came from the Google Play Store or not. If they did, then that means serious work on the Google Bouncer is needed, although I’m not surprised considering all of these spammy “wallpaper” apps can appear sometimes in search results.

Jill also said:

Malicious code is just one example of the many security vulnerabilities in mobile systems. GPS devices can also be hacked. It’s going to take one young woman to be stalked, raped and killed before people realize the need security on GPS

which is incredibly crude of her to say, as “GPS devices” are not the thing a “young woman” is going to carry around, but if they mean phones with GPS chips inside of them, then okay but it’s going to be pretty difficult considering the GPS is not always active so it’s just complete rubbish and researchers are working on it, so she really needs to keep up-to-date.

What’s even worse is this,

I think hackers will steal biometrics with man in the middle hacks–handsets need to be encrypted end-to-end as the Backberry does

I don’t think many “man in the middle” attacks are quite possible, as with systems like https block these attacks from taking place, and RIM’s servers if hacked would prove much more devastating that one device.

At the same conference, Wayne Rash a “technology journalist” who was moderating the panel, said he found malware on an App pre-loaded on the phone “provided by Google”. However, it could have quite easily have come from Samsung or his mobile provider, and yet again the loose definition of malware these days is entirely questionable.

Also, on an even worse note, van den Breekel said:

We see [Deep Packet Inspection] as a very big market, and we get a lot of demand for testing the technologies. You will be able to select what kind of app you allow–you can block DropBox and Skype, for example, to prevent corporate data from winding up on those services. Service providers will have the option to allow access to only certain apps—they will offer one thing and block the rest, We are just at the very start of this trend

For one, I hope this trend does not take off at all, as it ruins the little Net Neutrality we have at the moment, and it means networks can charge a lot more easily for different services, and be ensured that those are enforced quite roughly. And it is quite easy to prevent corporate data from being sent to Dropbox and Skype by simply not choosing to send it to or through them, and it is up to corporation’s IT departments to tell people not to send data through them.

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s