[Dubdub]

Security firm Kapersky Lab has issued a warning for users of Android handsets. Kapersky says it has discovered the first Trojan-SMS that specifically targets Android devices.

The Trojan, named SMS.AndroidOS.FakePlayer.a, tricks users into downloading it by posing as a media player. After the 13Kb app is installed, it begins sending SMS messages to "premium rate numbers" unbeknownst to device owners. The result is that end users are hit with unwanted SMS-related charges on their wireless bill. Kapersky cautions that Android users pay close attention to the services that applications request to access before installation.

[TBOLTRAM]

Sounds like a non-secure phone operating system. So much for the fad of the month.

[akosnitzky]

I guess my blackberry is a nice thing to have with all the Droid Hype.
Posted via BlackBerryForums.com Mobile

[aiharkness]

Security is something I didn't think a wit about when I bought my first blackberry. But it's something I've come to appreciate. If I ever contemplated switching to another system, secuity would be the top consideration; but I don't know what compares to blackberry, really, in a device that I would use.

Today I followed some news alert links to new articles about the anticipated blackberry tablet. The latest articles said it will be running android. I said to myself, geeze, no, please no. Then read a post at BGR discounting that rumour and referring to RIM's purchase of a company called QNX. Googled QNX and feel better.

[jsconyers]

In all fairness, the user has to go into their security settings and uncheck a setting to allow unsigned apps. Even after that, they are prompted with a screen that shows what the app will need to access (like the permissions screen on the BlackBerry) and they have to okay it.

Why would any user install a media app that asks for permission to access SMS? No matter how secure a device is, the weak link is the user. This isn't a sign of an non-secure OS, the security flaw here is the user.

[TBOLTRAM]

Quote:

Originally Posted by jsconyers

In all fairness, the user has to go into their security settings and uncheck a setting to allow unsigned apps. Even after that, they are prompted with a screen that shows what the app will need to access (like the permissions screen on the BlackBerry) and they have to okay it.

Why would any user install a media app that asks for permission to access SMS? No matter how secure a device is, the weak link is the user. This isn't a sign of an non-secure OS, the security flaw here is the user.

JS, you are an educated user. I wonder how many of the other users are? How many people will try and get something free? The real problem is that it is going to get worse.

[aiharkness]

I can't cite any details, but generally speaking, it would be possible for malware to get installed on a blackberry if the user were tricked into installing it, correct?

If what JS says is true -- and I believe him -- then you can't blame the OS.

[Dubdub]

I think all viruses and trojans, et al, get to your PC by some sort of user disconnect. They don't get there totally by themselves.

[aiharkness]

Quote:

Originally Posted by Dubdub

I think all viruses and trojans, et al, get to your PC by some sort of user disconnect. They don't get there totally by themselves.

I think it may be more correct to say most do; but plenty of windows user get their PC infected even when doing everything they are supposed to do. Don't know about newer windows, but winxp and earlier, certainly. There are things users can do (sandboxes and so forth), but those solutions are so far separated from out-of-the-box secure it isn't funny.

[daphne]

Quote:

Originally Posted by Dubdub

I think all viruses and trojans, et al, get to your PC by some sort of user disconnect. They don't get there totally by themselves.

Sometimes they do get there by themselves, with no user action. This can happen by landing on a page with an invisible iframe redirecting to a malicious site running exploits. Happens quite often actually. Not just Windows exploits, also Firefox, Adobe Reader and Acrobat, Quicktime, java, Wordpress and the list goes on and on.

The bad guys hack good normal websites and plant malicious code to spreak their evil.

Also there are worms that roam the internet waiting to infect unprotected, unpatched systems. This is from a few years ago, I don't think it happens so much now.

Infected in 20 minutes • The Register

Anyone remember the slammer worm?
Study: Slammer was fastest spreading worm yet | Networking - InfoWorld
I'll never forget that night when it hit, watching website after website go down. Didn't know what it was til the next morning. Very freaky.

[daphne]

First SMS Trojan detected for smartphones running Android


Moved to security section.

[daphne]

Technical analysis of the trojan:
Jaime Blasco Blog : /Malware/Analysis_of_Trojan-SMS.AndroidOS.FakePlayer.a.html

[Preroll]

Quote:

Originally Posted by TBOLTRAM

JS, you are an educated user. I wonder how many of the other users are? How many people will try and get something free? The real problem is that it is going to get worse.

The guy who developed that stupid flashlight app for the iPhone wasn't so stupid. That app was a) free and b) infringed on your privacy by grabbing all your email addresses off the phone and sent them back to the developer. The developer then sold all those email addresses to marketing firms. He made $1500 in the first day and it was downloaded over 4 million times. Do the math, that guy made a fortune. These developers use the acronym TANSTAAFL = There ain't no such thing as a free lunch. They make these apps free to get you to download it. They'll make more money this way then actually charging for the app itself. Ironically, some paid apps still infringe on your privacy just like the free ones (that's really a double whammy)!

I delete any app that won't work because it requires me to allow access to user data! Also, use your firewall!

As for viruses, well that's another story all together....

[Preroll]

Here's a scary one for the Droid! Hence why I keep the FW turned on all the time on the BB.

Android Trojan Discovered, Sounds Terrifying - Gearlog)

[gambit007]

Phonesnoop is detected as malware.