Jump to content


Photo

HTC LEGEND & DESIRE: Software released for attacking Android phones

* * * * * 1 votes

  • Please log in to reply
2 replies to this topic

#1
zabak

zabak

    Newbie

  • Members
  • Pip
  • 49 posts
Software released for attacking Android phones - Tested on HTC Legend & Desire


Source = Reuters , Geek.com , WWWery.com , CIOL.com


(Reuters) - Two security experts said on Friday they released a tool for attacking smartphones that use Google Inc's Android operating system to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages.

"It wasn't difficult to build," said Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker's conference in Las Vegas on Friday.

Percoco said it took about two weeks to build the malicious software that could allow criminals to steal precious information from Android smartphones.

"There are people who are much more motivated to do these things than we are," he added.

The tool is a so-called root kit that, once installed, allows its developer to gain total control of Android devices, which are being activated by consumers at a rate of about 160,000 units per day, according to Google.

"We could be doing what we want to do and there is no clue that we are there," Percoco said.

The test attacks were conducted on HTC Corp's Android-based Legend and Desire phones, but he believed it could be conducted on other Android phones.

The tool was released on a DVD given to conference attendees. Percoco was scheduled to discuss it during a talk on Saturday.

Google and HTC did not immediately return calls for comment.

Some 10,000 hackers and security experts are attending the Defcon conference, the world's largest gathering of its type, where computer geeks mix with federal security officials.

Attendees pay $140 in cash to attend and are not required to provide their names to attend the conference. Law enforcement posts undercover agents in the audience to spot criminals and government officials recruit workers to fight computer crimes and for the Department of Defense.

Organizers of the conference say presenters release tools such as Percoco's root kit to pressure manufacturers to fix bugs.

Edited by zabak, 31 July 2010 - 07:43 AM.

  • 0

#2
zabak

zabak

    Newbie

  • Members
  • Pip
  • 49 posts
UPDATE: Source : - The Register

Only Pre rooted HTC Legend & Desire can be hacked!!

Beware !!


News quotes

"
Android users have little reason to fear an immediate onslaught of malware despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier.

Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android smartphone. Chester Wisniewski, a senior security advisor at Sophos who attended the presentation, was underwhelmed.

He pointed out that the demo was carried out on an already jailbroken HTC Legend. And, crucially, the researchers at Spider Labs failed to explain how end users might be at risk from malware along the lines of the proof-of-concept tool developed by the Spider Labs team. "They developed a rootkit but there's no way to install it," Wisniewski told The Reg. "No method of propagation was demonstrated."

Sophos has yet to see any examples of Android malware in the wild. Two or three worms targeting jailbroken iPhone devices appeared last year but the attacks have not reappeared as carriers have learned lessons from the outbreak and applied improved security controls, such as filtering SSH connections.

The likelihood of malware migrating onto new platforms is one of the key themes of a review of the security landscape by Sophos, published on Tuesday.

Microsoft is likely to respond to the success of the iPad with the launch of its own tablet-style device. A tablet-ready version of Windows 7 is already well advanced but the technology is likely to inherit the security problems of its desktop cousins, even if Microsoft takes a "walled garden" approach to application delivery, according to Sophos.

Whether the security problems of full-blown Windows platforms will be sufficiently addressed on the new platform remains to be seen; but with the browser being based on Internet Explorer and Adobe apparently working hard on Flash integration for the new platform, malware problems seem inevitable.

The Sophos report (pdf) goes on to suggest that Linux-targeting mobile attacks are likely to increase as devices running webOS and MeeGo (Nokia’s plan for a new mobile platform) become more commonplace in the market. The point is made in passing, without any substantiation, and sits oddly with the attempts by Sophos to downplay the threat of Android-based malware.

The study also charts general trends in the mainstream (desktop) malware landscape. Sophos’s global network of labs received around 60,000 new malware samples every day in the first half of 2010, an average run rate of one new sample every 1.4 seconds per day every day. In the same period last year the rate was 40,000 samples per day. By that reckoning VXers have increased production by 50 per cent. Adobe came out a close second to Microsoft as hacker targets during the first six months of 2010, according to Sophos.

Booby-trapped websites and email in malware, which has returned as a hacker favourite over recent months, remain security menaces to businesses. Hackers often use vulnerabilities to plant malware or redirections to hacking portals on legitimate websites. These tactics - along with the prevalence of free hosting providers in Europe that offer minimum setup times to business and hackers alike - resulted in France, Italy and the Netherlands all joining the top ten of malware hosting countries since the start of the year. United States (42.29 per cent) and China (10.75 per cent) remain the top two malware hosting menaces

"

  • 0

#3
BigBearMDC

BigBearMDC

    MOD - Mode ;)

  • Moderator Team
  • PipPipPipPipPipPip
  • 1,933 posts
  • Gender:Male
  • Location:Carinthia, Austria
  • Interests:I'm interested in µC's, programming, physics and astrophysics :)
  • Devices:Samsung Galaxy SII
  • Twitter:@BigBearMDC
magnum375 wrote:

2 days ago I received SMS from my service provider that I've fully consumed my data quota which is a 1st for me. Yesterday I suddenly noticed abnormal sync activity, so I immediately unchecked "Auto-sync" and "Background data" options in the Accounts & sync settings menu which should have stopped the sync but it continued. So I rebooted and double checked that all sync options are unchecked but still the device was continually syncing. Only after I unchecked the "Wi-Fi (Turn on Wi-Fi)" & "Mobile network (Connect to the Internet)" in the Wireless & networks settings sync stopped.

Device details:
HTC Desire
FW ver- 2.1 update1
Kernel Ver- 2.6.29-bravo-mck-r1 paul@Paul-OBriens-iMac #2

Any idea what's going on? Has someone downloaded all my content? Is there any available solution?


To reply to a post you have to use the "Reply" button, not the "Report" button.

Best regards,
BB

  • 0
Visit our git repos [2.6.32 porting project, FroYo vendor config]Got a question? No problem, write me an email :)

If you like what I'm doing, help me buying an Orange San Francisco Posted Image
Posted Image
Donors:
  • Niels Heeren, David Dawkins, Mark Leman, James Baker, Heinz Peter Hippenstiel, KenBW2, flibblesan, GraviticVortex, bear807, TDK29

look for the Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users