How Hackers Take Control of Phones
Technologists generally love open standards – the system that allows products from many different companies to work together. But open systems require that “open” products be designed to have doors through which they connect with other products, and that means that “bad guys” also learn how to use those same doors to connect to those products.
Google promotes the “open” nature as one of the primary strengths of its Android operating system. However, Mashable today has an article describing how hackers can easily use that “open” nature of Android phones to take control of them and spy on all of the activities of the phone owner. That article is here: [Link].
SpyPhone software — or monitoring malware — is nothing new. Apart from commercial and legal applications that let a mother monitor what her kids are doing, there are also more questionable ones. Nations use SpyPhone malware as a cyber espionage tool to spy on their adversaries through apps that contain trojan viruses. That’s what happened to Tibetan activists, for example,as Mashable reported in March.
Lacoon Mobile Security survey Android phones in partnership with a global cellular provider. They found that 1 in 800 Android phones are already infected by SpyPhone software. The survey data was disclosed this week at the annual Black Hat conference in Las Vegas [Link].
“The Google Apps Store has not had an impressive track record of keeping malicious applications out,” Kurt Baumgartner, a senior security researcher at Kaspersky Labs told Mashable. Baumgartner called Google’s model of screening malicious apps “broken.”
“The model seems to be ‘well, we will let a certain number of users and infections get through – that’s acceptable.’ And eventually it gets cleaned up,” he said.
The alternative to the “open” system that is advocated by Google is the more secure system of Apple, in which one company attempts to provide each of the major parts of the overall customer experience and does not disclose how those various parts interact with one another.
It is a dangerous world out there – be careful! Ultimately, the problem is the business model chosen by Google. It makes profits by targeting advertisements to people – so the Android phones were conceived and designed to monitor their owner’s activities and deliver back to Google information that could be used to better target those advertisements. It was probably inevitable that hackers would leverage that design.
“All the functionality is there for full fledged SpyPhone application,” Baumgartner said.