Smartphone Malware That Will Blow Your Mind

Submitted by Matt on Wednesday, January 26, 2011

Android Mobile Phone with Permission DialogIf the smartphone is to be the next computing device, then guess what else comes with it? That's right, malware. It's not fun, but you must be educated on it. Educated to protect yourself. You should be aware of what can be done and hopefully help prevent it from happening.

Baseband hacking

Without even knowing what this is, it sounds scary. Infoworld recently reported on this type of attack. The baseband processor is what is used to send and receive radio signals with the cellular network. Traditionally, malware would get into your computer via a malicious website, or by a program that was infected with a virus.

Baseband hacking, though, allows for someone to break into your phone by tricking your phone into connecting to a fake cell phone tower.

How? Thanks to open source software, OpenBTS, virtually anyone can set up their own cellular network radio tower with about $2,000 worth of computer hardware. Granted, this type of hack is extremely difficult to execute and requires skill... but it is worth noting.

Credit card sniffing

That's right, malware can sniff, or listen, to credit card numbers. Although proof-of-concept, SoundMiner can listen to when you say or enter a credit card number on a phone call (video below).

Ever give your credit card number over the phone to make a purchase?

Or maybe you're calling your credit card company to make a purchase and need to key in your number for verification?

SoundMiner takes that credit card number and passes it off to someone else.

Android Malware in China

Malware named Geinimi attaches itself to existing apps that are redistributed on third-party markets. It sends out your location, IMEI (International Mobile Equipment Identity), app list, and it can also modify itself.

So, some mobile malware sends out your GPS location and the apps you want to download. Big deal.

What about GPS location, your to do list, and your contacts? The possibilities of coordinated personal attacks are scary at best. McAfee agrees and put GPS-based threats on the map for 2011.

What you can do about

Although this is a very new space, companies specializing in mobile security are sprouting up. Lookout, already boasting 4 million users, raised $19.5 million end of last year for smartphone security software.

McAfee is also into the mobile security game.

Aside from checking out some of the above resources, surf smart.

Don't download apps that don't have too many downloads and positive ratings.

Don't visit suspicious websites or untrusted links.

Until we see some more concrete examples of malware on smartphones, there isn't much to be too concerned about. But you're better off starting with good practice now. It'll be interesting to see if Android becomes the next Windows with more malware in the mobile space.

 

Here's a proof of concept with Soundminer.

Categories: