Mobile malware exploding, but only for Android

12357

Comments

  • Reply 81 of 136
    sockrolidsockrolid Posts: 2,789member


    Originally Posted by Alfiejr View Post


    of course it would be best to have some actual stats on how many Android units are in fact compromised.                                



     


    You asked for it.


     


    32.8 million devices are supposedly infected:


     


    http://www.technologyguide.com/news/report-32-8m-android-devices-infected-by-malware-in-2012-mobile-attacks-grew-163/


     


    And if you unbundle "threats and variants" into individual malware discoveries, the numbers are staggering.


    Android malware discoveries by year:


     


    2009: 1,649


    2010: 6,760


    2011: 24,794


    2012: 65,227


     


    And you thought XP was bad.

  • Reply 82 of 136
    bleh1234bleh1234 Posts: 146member
    sockrolid wrote: »
    You asked for it.

    32.8 million devices are supposedly infected:

    http://www.technologyguide.com/news/report-32-8m-android-devices-infected-by-malware-in-2012-mobile-attacks-grew-163/

    And if you unbundle "threats and variants" into individual malware discoveries, the numbers are staggering.
    Android malware discoveries by year:

    2009: 1,649
    2010: 6,760
    2011: 24,794
    2012: 65,227

    And you thought XP was bad.
    http://m.techcrunch.com/2013/04/15/malware-on-mobile-grew-163-in-2012-infecting-around-32-8m-android-devices-report-says/
    Complete story from original site
  • Reply 83 of 136
    macbook promacbook pro Posts: 1,605member
    I believe proof by squirrel was used to back up one of the major theories in quantum physics. It's that sound. /s

    Nothing has been proven until tested against Squirrel Girl. Squirrel Girl is apparently one of the most power characters in Marvel Comics. Squirrel Girl has beaten some of the most powerful characters in the Marvel Universe.

    Doctor Doom (one of the two smartest men in the Marvel Universe who is also a powerful sorcerer)
    Mandarin
    Thanos (a herald of Galactus)
    Terrax
    Deadpool
    Pluto
    Fin Fang Foom
    Baron Mordo
    Korvac
    Ego the Living Planet (one of the most powerful beings in the Marvel Universe)
    Wolverine

    "Proof by Squirrel (Girl)," the Marvel Comics way!
  • Reply 84 of 136

    Quote:

    Originally Posted by sflocal View Post


    I think the iPhone gave non-iPhone users the false impression that all phones are safe.



     


    May I correct your statement for you?


     


    "I think Google gave non-iPhone users the false impression that all smart phones are iPhones."

  • Reply 85 of 136

    Quote:

    Originally Posted by Gatorguy View Post


     So no example then. Sounds almost made up if I didn't know you better.



    Thats the pot calling the kettle black, eh sport?

  • Reply 86 of 136
    vl-tonevl-tone Posts: 337member

    Quote:

    Originally Posted by dasanman69 View Post





    What about enterprise iPhones? Weren't there fake enterprise accounts being open in China and pirated apps being installed on iPhones?


    Good point, but the difference is that Apple will try to plug this "hole" while Google is willingly allowing random apps from the Web to be installed with a simple "allow sideloading" switch.


     


    I'd like to see some Android enthusiast here complain that Google doesn't do enough to prevent Android from becoming a malware haven like Windows was. I'm sure those people exist, but it seems that pro Android posters here choose instead to blame the "stupid" users and/or try to minimize the problem.


     


     


    Yes there will always be the possibility of malware but it doesn't have to be that bad. You can't tell me that Google can't improve things there.

  • Reply 87 of 136
    macbook promacbook pro Posts: 1,605member
    The difference in security approaches is manifest by simply considering one simple "feature" of each product:


    [LIST]
    [*] Samsung Galaxy S4 (released 21 days ago) already has root methods allowing the installation of custom ROMs, in fact, some root methods were released within days of the product release
    [*] Apple iPhone 5 required nearly six months to jailbreak
    [/LIST]

    Anyone who thinks Google or Samsung take security seriously is seriously delusional.
  • Reply 88 of 136
    macbook promacbook pro Posts: 1,605member
    vl-tone wrote: »
    Good point, but the difference is that Apple will try to plug this "hole" while Google is willingly allowing random apps from the Web to be installed with a simple "allow sideloading" switch.

    I'd like to see some Android enthusiast here complain that Google doesn't do enough to prevent Android from becoming a malware haven like Windows was. I'm sure those people exist, but it seems that pro Android posters here choose instead to blame the "stupid" users and/or try to minimize the problem.



    Yes there will always be the possibility of malware but it doesn't have to be that bad. You can't tell me that Google can't improve things there.

    The occurrence relayed by the poster to whom you responded wasn't an exploit. The essence of the occurrence was as follows:

    • Chinese website offers an alternative App Store
    • Users must knowingly accept a digital certificate
    • Digital certificates are a form of identification that enables streamlined authentication, data integrity, and encryption
    • For example, a business enterprise or government agency may use a digital certificate to provide their own App Store to release in-house apps
    • Essentially, the Chinese website and the user are exploiting a security feature to install free apps
    • In some ways this is quite similar to "side loading" apps
    • The difference is that Apple iPhone users don't commonly promote exploitation of developers as a feature thus almost certainly limiting the impact of the Chinese website which will limit the possible distribution of exploit apps (assuming there are such on the Chinese website)
    • Furthermore, the limiting of hardware ports to a single proprietary "smart port" drastically limits the possibility of spreading exploits by swapping SD cards, etc.


    • Could the apps on the Chinese website offer exploits packaged as free replacements for popular apps? They absolutely could which is one possible reason Apple iPhone users aren't promoting the website constantly.
    • Is the Chinese website commonly offered as a "feature" of the Apple ecosystem? No!
    • Is the Apple App Store relatively secure? Yes! There have been few, in any, widespread exploits released in the Apple App Store.
    • Is Google Play relatively secure? No! While Google has improved their security and has removed apps there continue to be issues.
    • Is Google Play the only commonly accepted and promoted source of apps? No, which is a major issue with the security of Android. Many Android users believe that "side loading" and rooting are "features" of the platform when they are, in fact, simply exploits.
  • Reply 89 of 136
    scprofessorscprofessor Posts: 218member
    Oh crap I just bought a new Samsung side by side fridge... US Appliances BTW great prices, no sales tax, and free delivery, do you think the malware will hack my fridge and turn my meat rancid. Because I think there is an option for it to communicate with my phone. Oh noes, I should have listened to my brilliant wife and bought an iCool. :smokey:
  • Reply 90 of 136
    tallest skiltallest skil Posts: 43,399member


    Originally Posted by SCProfessor View Post

    …do you think the malware will hack my fridge and turn my meat rancid.


     


    If it's this model, yes.

  • Reply 91 of 136
    gatorguygatorguy Posts: 22,901member

    Quote:

    Originally Posted by MacBook Pro View Post



    The difference in security approaches is manifest by simply considering one simple "feature" of each product:



    • Samsung Galaxy S4 (released 21 days ago) already has root methods allowing the installation of custom ROMs, in fact, some root methods were released within days of the product release


    • Apple iPhone 5 required nearly six months to jailbreak



    Anyone who thinks Google or Samsung take security seriously is seriously delusional.


    It's not that clear-cut MacBook. Not mentioned in the recent Symantec report that said most malware was targeting Android was another claim they made. 


     


    93% of all newly discovered mobile OS vulnerabilities come from iOS, 387 of the total 415 in the Symantec report. 


    http://www.symantec.com/security_response/publications/threatreport.jsp


     


    In case you think Symantec's report must be wrong (and if so why would the Android malware claim be any more right), CVE, a highly respected and detailed security datasource, finds much the same with over 225 identified security flaws in iOS or more than 80% of the the total number across all mobile OS's


    http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html


    What about Android? Fewer than 30. Windows mobile OS must have a lot right? Nope only 14 at last count, and Blackberry is best of all with only 11 identified exploitable OS flaws according to CVE.


     


    But that doesn't seem to make any sense. If Apple's iOS has had the highest number of security flaws of all the major mobile OS's, why is Android getting the most attention from cyber bad-guys? Experts say (and I agree) it's because Google had been lax about policing apps and the "user experience", and that makes complete sense. One of the supposed attractions of Android is how easy it is to customize and Google has encouraged users to do what they want with their smart-devices. Don't like the skin? Download a new one. The latest OS not yet available for your Android smartphone? No prob, just download an app that gives your the same functionality, more or less.


     


    It's not that Android has more OS vulnerabilities than iOS as you would suggest. Far from it. But Apple's more heavily curated approach to apps and the stronger control they exert on their platform and those who play in their backyard makes Android users the easier and more profitable target. At some point Google may need to move closer to Apple's approach and take a little more control of the platform than they have so far. "At some point" may not be all that far off either.


     


    It's also clear that Google's control over their own app store has improved a whole lot over the past couple of years. Nefarious apps within Google Play are exceptionally uncommon, perhaps now nearly as rare as finding one in Apple's app store. I haven't seen anything that would dispute that. But with lots of other sources for Android compatible apps and users in less-developed countries perhaps more likely to look for "free" versions of official Google Play paid apps they end up being targets for very expensive (and highly profitable) SMS texts, the most commonly mentioned scam. At least Google recognized that and took action with Jellybean, which now will flag a warning and ask for permission before your smartphone will send that expensive SMS.


     


    In any event, it's not the number of exploitable security flaws in Android or iOS that attracts the bad guys. It comes down to those apps and where a user can get 'em IMO.

  • Reply 92 of 136
    macbook promacbook pro Posts: 1,605member

    Interesting that there is no concern for personally identifiable information, credit card data, etc. Possibly more evidence that Android users don't actually use their "smartphones" they spend so much effort to customize.

    If he is truly concerned about rancid meat vulnerabilities he could peruse the NIST National Vulnerability Database which lists 348 vulnerabilities for Google Android.
  • Reply 93 of 136
    scprofessorscprofessor Posts: 218member

    I'll give you a plus 1 for identifying for the first man to get his fridge hacked. At least I don't have to use my att data minutes. But side loading and rooting will take a new meaning with this sob. But I'd bet that you'd use an ice chest before placing anything in a Samsung.
  • Reply 94 of 136
    Interesting that there is no concern for personally identifiable information, credit card data, etc. Possibly more evidence that Android users don't actually use their "smartphones" they spend so much effort to customize.

    If he is truly concerned about rancid meat vulnerabilities he could peruse the NIST National Vulnerability Database which lists 348 vulnerabilities for Google Android.

    Just quickly scanning I think I saw Mac mentioned a few times. But getting to the larger question, a hack would look at all my stuff and would pass as he would be doing me a favor. As lame as it sounds I just thought it would be cool to chill a few pabst blue ribbons from the road.
  • Reply 95 of 136
    gatorguygatorguy Posts: 22,901member

    duplicate

  • Reply 96 of 136
    gatorguygatorguy Posts: 22,901member

    Quote:

    Originally Posted by MacBook Pro View Post





    Interesting that there is no concern for personally identifiable information, credit card data, etc. Possibly more evidence that Android users don't actually use their "smartphones" they spend so much effort to customize.



    If he is truly concerned about rancid meat vulnerabilities he could peruse the NIST National Vulnerability Database which lists 348 vulnerabilities for Google Android.


    If you meant to restrict your list to Google Android specific vulnerabilities as you said you instead would have found this: (your flawed search included cross platform FLASH, Java etc that also affected Windows, iOS, Macs and others):


    http://web.nvd.nist.gov/view/vuln/search-results?query=Google+Android&search_type=all&cves=on


    Total count: 29


     


    The same search for Apple iOS is here:


    http://web.nvd.nist.gov/view/vuln/search-results?query=Apple+iOS&search_type=all&cves=on


    Total count: 185


     


    I assume you weren't intentionally being misleading MacBook Pro. You were just a little sloppy with the research.


     


    EDIT: For someone who claims to have me on "ignore" and not reading my posts it's odd that you respond to the exact same points I bring up if I correct a post of yours. I don't mind having an honest debate if we disagree (and sometimes we do agree!) but you'd have to drop the charade that you don't have any idea what I write.image

  • Reply 97 of 136
    gatorguygatorguy Posts: 22,901member


    Ooohh, this is new. Mac malware signed with a real Apple ID? Tricky as that would bypass the security controls in Mountain Lion meant to prevent just such an occurance.


    http://arstechnica.com/security/2013/05/mac-malware-signed-with-apple-id-infects-activists-laptop/

  • Reply 98 of 136
    scprofessorscprofessor Posts: 218member

    Quote:

    Originally Posted by Gatorguy View Post


    Ooohh, this is new. Mac malware signed with a real Apple ID? Tricky as that would bypass the security controls in Mountain Lion meant to prevent just such an occurance.


    http://arstechnica.com/security/2013/05/mac-malware-signed-with-apple-id-infects-activists-laptop/



    Be careful or you have the kool-aid drinkers all over you. And they really think the word "troll" is an insult. Try pig $%$%^^$ Cock ^%$^$^$ where I come from. 4chan would have fun trolling in some of these freaks. Read quickly before the delete boys and girls.

  • Reply 99 of 136
    Maybe Apple Insider forgot the news they reported a few weeks ago when malware was discovered in an iOS app that made its way past the approval process. Not gonna pick fights because, yes, malware is Android's overwhelmingly lopsided problem. BUT, from Google itself to top ad networks (like Millennial Media and Airpush) I am seeing a lot of progress to minimize malware exposure and infection risks. So regardless of platform vulnerability, I think malware has become a big enough headache for everyone that big players are going to keep stepping up until the menace is mitigated - http://www.examiner.com/article/airpush-raises-the-bar-on-security-for-mobile-ad-networks
  • Reply 100 of 136

    Quote:

    Anyone who thinks Google or Samsung take security seriously is seriously delusional.


     


    I agree, Google and Samsung care about security about as much as Apple does on OSX. In other words, not at all - remember Flashback? Apple didn't release the patch for OSX for months and months after it was released by Oracle.

Sign In or Register to comment.