Expensive malware appears for Microsoft's Windows Mobile

Posted:
in iPhone edited January 2014
Malware embedded into legitimate-looking games designed for Windows Mobile has appeared, automatically dialing up foreign telephone services to ring up hundreds of dollars in illicit charges for users behind their backs.



The discovery, reported by John Hering of the Lookout security firm, was covered in a report by Reuters, which inaccurately described the malware a "virus" and misleadingly referred to the exploit as being orchestrated by "hackers."



In reality, the malware was simply the product of malicious mobile software developers who misrepresented their work as safe, and distributed it through "sites that provide legitimate software for mobile devices."



No malware for iPhone, despite its market share



The fraudulent mobile software for Microsoft's smartphone platform punctuates the warnings Apple has been sounding about security-free software distribution, and underlines why the company has maintained a strict policy that forces iPhone mobile developers to get their work approved by and cryptographically signed for distribution by Apple itself.



Critics have chafed at Apple's secure software signing model and have praised Google's alternative Android model, which enables users to download software from any source, without any security model in place, at their own risk.



The appearance of malware on Windows Mobile is particularly interesting because the motivation of this assault was entirely financial. That being the case, the fact that the malicious developers targeted Windows Mobile, which is almost entirely limited to the US and now trails Symbian (42%), RIM (21%), and Apple's iPhone OS (15%) in market share (9% over the last year), throws decades of Windows-based punditry on its head because "malicious hackers" supposedly only target the largest platform.



Mobile security evolving



Symbian, long the global leader in smartphones, was actually targeted by Cabir, one of the first real viruses to spread among smartphones. However, that discovery lead to a stronger push for platform security, which resulted in support for mandatory code signing in the Symbian OS 9.



RIM also includes code signing in its BlackBerry SDK, a model Apple followed and expanded upon with a much less expensive code signing program and app approval process than those that were in place at Symbian and RIM when the iPhone 2.0 SDK and iTunes App Store debuted two years ago.



Like Android, Windows Mobile offers some optional code signing capabilities but does not enforce these, enabling users to find and install software without any proof of its security or legitimacy. Both also therefore have no mechanism for killing an app that goes rogue after it has been distributed.



So far, Apple has never revoked a developer's certificate or killed an active app installed by users, even for apps it has retroactively removed from the App Store for reasons other than being malware. Apple has pulled apps from iTunes that have violated its privacy policies in invasive but not malicious ways until the developer addressed the issues.



iPhone security features deter malware



Just the fact that Apple has a real security policy in place for iPhone mobile software in its iTunes App Store serves as a strong deterrent for rogue developers from even attempting to distribute malicious iPhone OS software like the tainted games discovered for Windows Mobile.



Jim Finkle, writing for Reuters, claimed that "hackers are increasingly targeting smartphone users as sales of the sophisticated mobile devices have soared with the success of Apple Inc's iPhone and Google Inc's Android operating system," but in reality, any attacks aimed at iPhone users are not software based expressly because of Apple's strict security policy, and must be limited to social engineering exploits that prey upon people directly, rather than infecting their devices with malware.



Android users (just like Mac and Windows users) have no similar security protection in place, and should be very careful about downloading software, even from legitimate appearing websites. Unlike desktop malware, which is somewhat limited in the scope of damage it can cause, mobile malware has the ability to rapidly run up very expensive mobile bills for weeks before the user is likely to even notice a problem.
«1345

Comments

  • Reply 1 of 92
    Yet another reason I'm looking for Little Snitch for iPhone OS. I'd like to know what is being sent out; I will determine if it should go through, thank you.
  • Reply 2 of 92
    stevetimstevetim Posts: 482member
    when i get windows mobile 7 should i install norton, mccafee or avg anti-virus on my phone?
  • Reply 3 of 92
    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple’s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” - Benjamin Franklin



    Can’t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.
  • Reply 4 of 92
    anantksundaramanantksundaram Posts: 18,453member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    Can?t the solution be to let us check a box to install unauthorized apps (*cough* Android *cough*)? Seems like the best of both worlds. Apple stops taking heat, and its the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    There are lots of 'uncensored' choices out there for people like you, and you should go there for your smartphone experience. I am (and millions like me are) perfectly happy with my (our) experience.



    And, there is no need for drama-queen quotes over something as trivial as this.



    As for Android, their similar problems are just beginning. See this report from today's Wall street Journal: http://online.wsj.com/article/SB1000...ses+phone+apps



    Good luck.
  • Reply 5 of 92
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    Can?t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    Apple's act is a very simple one for you to make a decision on then mate, don't buy an iPhone.



    Problem solved.
  • Reply 6 of 92
    wizard69wizard69 Posts: 12,381member
    Quote:
    Originally Posted by stevetim View Post


    when i get windows mobile 7 should i install norton, mccafee or avg anti-virus on my phone?



    Could you imagine any of those running on a cell phone processor? Talk about slow.





    Dave
  • Reply 7 of 92
    bettiebluebettieblue Posts: 294member
    I hate Anti-Apple hit pieces on pro Microsoft sites and I hate Anti-Microsoft hit pieces on pro iFan sites. Its makes the site and the blogger look lame at best.



    I just cant see this as news, especially on this site and especially with the very few facts you have presented, like where there 3 or 3000 people hit? What apps were they?



    Sad stuff for this site, truly sad.
  • Reply 8 of 92
    spotonspoton Posts: 645member
    Quote:

    Apple's iPhone itself isn't immune to mobile threats, either. Since 2008, security experts have identified at least 36 security holes in the (iP)hone's software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone's username and password from messages sent to servers when browsing the Web.



    Quote:

    Apple vets applications before they appear in its App Store, but risks still exist. In July 2008, Apple pulled a popular game called Aurora Feint from its store after it was discovered to be uploading users' contact lists to the game maker's servers. More recently, it yanked hundreds of apps it said violated its policies, some out of security concerns.



    also this



    Quote:

    Apple CEO Steve Jobs, speaking at the All Things D conference this week, said his company's employees carefully curate the store. "We have a few rules: has to do what it's advertised to do, it has to not crash, it can't use private APIs," or application programming interfaces, he said, adding that 95% of submissions are approved.



    "Apple takes security very seriously," a spokeswoman said. "We have a very thorough approval process and review every app. We also check the identities of every developer."





    http://online.wsj.com/article/SB1000...175834088.html
  • Reply 9 of 92
    macnycmacnyc Posts: 342member
    Quote:
    Originally Posted by bettieblue View Post


    I hate Anti-Apple hit pieces on pro Microsoft sites and I hate Anti-Microsoft hit pieces on pro iFan sites. Its makes the site and the blogger look lame at best.



    I just cant see this as news, especially on this site and especially with the very few facts you have presented, like where there 3 or 3000 people hit? What apps were they?



    Sad stuff for this site, truly sad.



    How is this an anti-Microsoft hit piece?! One more sad comment, truly sad...
  • Reply 10 of 92
    macnycmacnyc Posts: 342member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    Can?t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    Somehow keeping viruses etc off of your cell phone is not a positive thing?! Seriously?!
  • Reply 11 of 92
    mactelmactel Posts: 1,275member
    It really comes down to the user being smart about where they get their apps. If a user is tech savvy to jailbreak their phone then the must be ok with the risks of doing so.
  • Reply 12 of 92
    Malware on Windows 7 mobiles but not yet on iPhones. What a surprise! The people who rebel against Apple's security policies must think malware writers are idiots. They are not! Of course they are going to target Windows 7 mobile and Android platforms before they tackle the more secure iPhone platform.

    This incident demonstrates a logical flaw in the 'market share' argument for the lack of Mac OS X malware. Attractiveness of malware targets has much more to do with the ease of attacking the platform, and this is a direct consequence of slack platform security policies.

    So, Microsoft/Windows and Google/Android stand condemned for allowing malware writers to prosper at the expense of their long suffering and ignorant customers.

    To all Windows/Android users ... 'Have a good day, because tomorrow might be a real bummer!"
  • Reply 13 of 92
    zindakozindako Posts: 468member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    Can?t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    The answer is obvious and simple, don't buy Apple products, go use winblows and Androidz, enjoy.
  • Reply 14 of 92
    wizard69wizard69 Posts: 12,381member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    This is about Macs, trying to drag them into this discussion just muddies your position. Besides the article justifies nothing, it just explains Apples approach to the problem which to be honest isn't a bad one. Is it to restrictive, clearly many don't think so. Frankly an unlocked phone would mean more to me.

    Quote:

    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    This is assinine what are virus checkers, maleware scanners and bits of defensive programming from the PC world? When it comes right down to it apple effectively moves these sorts of overhead off the device to their labs making for less of a load on the device.



    Sure there is more to Apples restrictions than that but if you want porn the iPhone OS isn't your first choice. Beyound porn people have been trying to make mountains out of molehills. Sometimes mountains are made just so a developer can get free promotion of his product. It is all part of the get my app rejected for something silly and then make millions with version 1.1.X.



    The reality is if Apple was as bad as everyone implied we wouldn't have the massive selection of software that we do have in app store. Apps by the way that make developers money, which of course is incentive for developers to make even more apps.

    Quote:

    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    That has absolutely nothing to do with this discussion. Apps have no impact on your liberty.

    Quote:

    Can?t the solution be to let us check a box to install unauthorized apps, a la Android?



    How would that improve anything when it is so easy to jailbreak an iPhone now? Besides if Apple added such a feature they would no longer have a secure system and they would likely still be seen as responsible by the user community. In the end you are asking for something that isn't needed because an alternative to Apples system exists.

    Quote:

    Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    Don't you see how stupid your position is? An alternative to Apples tight control exists, you already know about it. Apple however doesn't want anything to do with it, so it goes on ignored.



    In anyevent Apple currently only gets a little bit of heat from the crowd of thieves and cheapies that want everthing for free. If Apple made it easy for people to screw up their iPhones with crap third party apps the heat would be much hotter. Apple has created a framework that leads high customer satisfaction there is no reason to mess with that. Especially in the context of uncontrolled environments that lead to screwed up systems.



    In anyevent you need yo explain yourself better as right now people can't hear anything useful to support your position through all the whine.







    Dave
  • Reply 15 of 92
    stevetimstevetim Posts: 482member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    Can?t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    Apple is smart. Mobile devices don't have the resources to handle viruses, exploits and malware. Cut it off before it begins. Many people are stuck in the desktop pc mindset. Apple is not stuck in that mindset. The market place is proving it.
  • Reply 16 of 92
    irnchrizirnchriz Posts: 1,544member
    Another reason Microsoft are adopting the Apple approach for Windows Phone 7. Microsoft will be approving and vetting all apps along with strict controls on the hardware.
  • Reply 17 of 92
    s6278ms6278m Posts: 5member
    Well put anantksundaram.....I do not miss any of the other smart phones, if any thing this article shows the EXACT point Apple is trying to make with their 'censored' apps...



    Quote:
    Originally Posted by anantksundaram View Post


    There are lots of 'uncensored' choices out there for people like you, and you should go there for your smartphone experience. I am (and millions like me are) perfectly happy with my (our) experience.



    And, there is no need for drama-queen quotes over something as trivial as this.



    As for Android, their similar problems are just beginning. See this report from today's Wall street Journal: http://online.wsj.com/article/SB1000...ses+phone+apps



    Good luck.



  • Reply 18 of 92
    MacProMacPro Posts: 17,169member
    Quote:
    Originally Posted by bettieblue View Post


    I hate Anti-Apple hit pieces on pro Microsoft sites and I hate Anti-Microsoft hit pieces on pro iFan sites. Its makes the site and the blogger look lame at best.



    I just cant see this as news, especially on this site and especially with the very few facts you have presented, like where there 3 or 3000 people hit? What apps were they?



    Sad stuff for this site, truly sad.



    I would respectfully suggest you try to find a neutral blog on computer platforms somewhere then. Good luck trying though, I even find my favorite science blog is one long running battle now as creationists and 'there is no increase in global temperature' types invade with their trolling. Blogs are just not what they used to be. \
  • Reply 19 of 92
    MacProMacPro Posts: 17,169member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple’s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” - Benjamin Franklin



    Can’t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.



    Oh how some people love the use of the non sequitur ... The problem with your quote from good old Ben is, it is taken totally out of context. Try applying it to a myriad of other situations and it makes zero sense. How about not using condoms on a first date or not checking your equipment like you are told to before a scuba dive or how about ignoring the rules of the road and running red lights... oh wait a minute, idiots do all these things all of the time! Ben must be happy



    Back to this subject. No one forces anyone to use an Apple product. Simple enough?
  • Reply 20 of 92
    iancass79iancass79 Posts: 80member
    Quote:
    Originally Posted by Planet Blue View Post


    What a crappy article. Should we have Apple tell us what we can and cannot put on our Macs too, so we never get a virus? This article just reeks of desperate justification for Apple?s policies.



    I love Apple as much as the next guy, but damn, I just cannot handle when people claim censorship and gate-keeping are positive things.



    "They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.? - Benjamin Franklin



    Can?t the solution be to let us check a box to install unauthorized apps, a la Android? Seems like the best of both worlds. Apple stops taking heat, and it would be the users liability if stuff like this happened. At the same time, it would allow for some of the amazing Cydia apps to get a broader audience.





    If you got a bill due to malware on your phone, you would be crying the opposite. Guarantee it. People hate being hate apples policies until it benefits them.
Sign In or Register to comment.