Hey! …Something is stealing your data…!

More and more people are adopting smartphones as their primary means of accessing the internet. These ‘toys’ now ship with gargantuan volumes of memory and are no longer ‘playthings’: they are gradually taking over many of the roles that our computers performed in the recent past.

With increasing dependence on these devices, as well as their ‘always connected’ status, it becomes imperative that we protect ourselves (read: our data) from malware such as viruses, trojans, and worms. The nomenclature we give these things does not matter. The important thing is to acknowledge, and know, that a particular application on your phone may be surreptitiously doing other things without your knowledge (or wish). Take a look at this case of an Android Trojan spying on your conversations.

In the case of Apple’s iOS, the rigorous testing of apps for approval may make it difficult to get malicious software onto an unjailbroken device. But we all know that lots of people do jailbreak, opening up their phones to apps whose intentions may not always be altruistic.

On Google’s Android and Nokia’s Symbian Operating Systems, the danger is theoretically even greater. Some users obtain apps from all sorts of sources. Thus, those users can inadvertently get infected with an app that disguises its true intention.


In recent times, there have been all sorts of Trojans on the Android platform. The most recent one (which prompted this write-up) is a Trojan that records your conversations in a lightweight format and secretly sends them to a server somewhere. Can you beat that? If a Trojan can do that, it can do practically anything (deplete your credit, transfer your email addresses, etc.). The inventiveness is limited only by the author of that Trojan. Imagine a Trojan that can initiate electronic banking / transfer funds in the night while you sleep!

Some schools of thought would have us believe that the Symbian OS is impervious to viruses. I will not argue this point in this instance (although I have my reasons to doubt that arrogant assertion). The important thing is to err on the side of caution.

How do we insulate ourselves from the (possible) threat of malware? Some things that come to my mind as to how to combat this increasing malware menace are as follows:


– Only use applications from sources you trust, if you can (I do not follow this advice myself)

– When using an OS that allows you to set different kinds of permissions for individual apps (say Android), take your time and think hard before granting those permissions.

– Install an app that logs the activities of apps that access, or try to access, the internet, and warns you immediately. SPB Wireless Monitor (on Symbian) works well for me.

– Do not jailbreak, hack or root your device (another prescription I do not follow myself)

Those are the things that come off the top of my dome, off hand.
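
As an added illustration (not part of the original post), here is one way to put the permissions advice into practice in Python: list what each app asks for and flag the combinations that would allow the behaviours described above (recording and uploading audio, spending credit via SMS, uploading contacts). The app names, permission sets and "purpose" labels are constructed for the example; the permission strings are standard Android ones.

```python
# Added illustration: flag permission combinations that would enable the
# behaviours the article worries about. App names below are constructed.
P = "android.permission."

# (finding, permissions that must ALL be requested, purpose that justifies it)
RISK_RULES = [
    ("can record audio and send it to a server",
     {P + "RECORD_AUDIO", P + "INTERNET"}, "voice"),
    ("can send SMS and deplete your credit",
     {P + "SEND_SMS"}, "messaging"),
    ("can read your contacts and upload them",
     {P + "READ_CONTACTS", P + "INTERNET"}, "contacts"),
]


def audit_app(requested, purposes=()):
    """Return findings for one app.

    requested: permission strings the app asks for at install time.
    purposes:  capabilities the user expects from the app (hypothetical
               labels: "voice", "messaging", "contacts"); a rule whose
               purpose is expected is not reported.
    """
    requested, purposes = set(requested), set(purposes)
    return [finding for finding, needed, purpose in RISK_RULES
            if needed <= requested and purpose not in purposes]


def audit_device(apps):
    """apps maps package name -> (permissions, expected purposes).
    Returns only the apps that have at least one unexplained finding."""
    report = {}
    for name, (perms, purposes) in apps.items():
        findings = audit_app(perms, purposes)
        if findings:
            report[name] = findings
    return report


# Constructed sample data, not taken from any real app.
SAMPLE_APPS = {
    "com.example.flashlight": (
        [P + "CAMERA", P + "RECORD_AUDIO", P + "INTERNET"], []),
    "com.example.voicenotes": (
        [P + "RECORD_AUDIO", P + "WRITE_EXTERNAL_STORAGE"], ["voice"]),
    "com.example.voip": (
        [P + "RECORD_AUDIO", P + "INTERNET", P + "READ_CONTACTS"],
        ["voice", "contacts"]),
    "com.example.wallpaper": (
        [P + "INTERNET", P + "SEND_SMS", P + "READ_CONTACTS"], []),
}

if __name__ == "__main__":
    for app, findings in audit_device(SAMPLE_APPS).items():
        print(app)
        for f in findings:
            print("   -", f)
```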

What do you think? What other things can protect us from these malicious coders and their injurious code?

15 comments

  1. Very intelligent and honest presentation. I, also in my quest to try every new app I can lay my hands on in every category I consider necessary for me, hardly follow any of this healthful advice. I’m always looking for a better app for every task. Security is a secondary consideration.
    I probably need to be hit before paying attention to precautionary security measures.

  2. Virus coders, on any platform, are like terrorists of the munitions type.

    They want maximum effect. They therefore use the platform with the widest reach. Android currently has the widest reach of any mobile OS.

    With the widespread use of the Android on a divergent range of devices, it is unsurprising that hackers are targeting this OS more ferociously. Symantec however disputes the seriousness of the situation.

    With mobile devices being more PC-like, memory becoming more commodious and mobile OS getting more complex and sophisticated, we are likely to see an explosion in the number of mobile OS viruses.

    Like indiscriminate/ illicit unprotected sex, getting apps from unverified and disparate sources will eventually get you infected with mobile V.D / AIDS!
    If you do this while being aware of the possible dangers, you should be… ready to bear the consequences.

  3. “The nomenclature we give these things does not matter. The important thing is to acknowledge, and know that a particular application on your phone may be surreptitiously doing other things without your knowledge (or wish).”

    Believe me, the nomenclature is important, because that helps us break down the different ways these malware work, so that we can counter them. The guys who laid out the nomenclature were not just fooling around with words, you know.

    It is like saying that it doesn’t matter what nomenclature we use for the different mobile internet technologies – GPRS, EDGE, 3G, 3.5G, etc. It does matter. They are different.

    It is like saying that in medical science it is unimportant whether we classify organisms as bacteria or viruses. No sir, the nomenclature is important, because those things operate differently and their types and levels of threat are different.

    “Some school of thought would have us believe that the Symbian OS is impervious to viruses.”
    In 7 years of mobility, I am yet to meet anyone who belongs to this school of thought, and such a position would be presumptuous of anyone to take.

    It would be like saying that a certain brand of cars is impervious to accidents. If I want to so badly wreck a car that I am driving – regardless of how stable its makers tout it to be, I know enough laws of physics to come up with a crazy enough idea to do so.

    As such, all cars are prone to accidents, as all mobile platforms are prone to malware, but – and a very BIG BUT – certain car brands have a higher safety standard and record than others.

    It is in this same way that Symbian has a higher security standard and record than most other mobile platforms. It has been around far longer, and yet has had fewer malware issues than the newer guys.

    An Old Challenge
    I will repeat the same challenge that Steve Litchfield of AllAboutSymbian issued many years ago, and which NO-ONE HAS EVER taken him up on:

    I’ll stand in a room with you and all your infected toys. I’ll have an old Series 60 smartphone, a UIQ device and a Series 80 smartphone, all set with Bluetooth to ‘Discoverable’. I’ll give you as long as you want to try and infect me in any way whatsoever, I’ll even accept your SMS and MMS messages and generally communicate. If you succeed in infecting me, I’ll hand over an obscene amount of money.

    Source: Viruses for Symbian OS and S60 – the truth

    I recommend that anyone who cares about this issue should read the above source link, as well as this one: Be worried, be very worried. The truth about the Symbian OS virus scene

    Honestly, as Steve has said before, if you own a Symbian smartphone, you can stop worrying about viruses permanently. Unless you set out to infect your Symbian smartphone by yourself, for now you have nothing to worry about.

    As for the future, I have no idea what it may bring.

    The guidelines presented in this article are sound common sense tips for staying out of trouble. All those tips deal with the human factor – you!

    As a rule, if you hack your device or install apps from sources that are not credible, that’s your fault, not the fault of the OS. If you grant full permission to an app that you didn’t take the time to find out all that it does, that’s your fault, not the fault of the OS.

    Beyond that, for the most part, no-one should lose sleep over mobile viruses. At least, not yet.

    There are shops everywhere – go to Computer Village, Ikeja, for example – where people are arm-twisted into paying to install mobile anti-virus apps on their smartphones. Those apps only use up your already limited resources, including CPU and battery life, and do nothing really useful. This applies primarily to Symbian, but also to other platforms to a large extent.

  4. Now, let us discuss this mobile viral issue a little bit more.

    That challenge issued by the inimitable Steven Litchfield of AllAboutSymbian amuses me. It is honestly hilarious!

    That challenge makes no sense, and that is why ‘nobody ever BOTHERed’ taking him up on that preposterous challenge. Why, you may ask? Good!

    It is like holding your Windows 7 powered laptop, standing on one side, and challenging somebody to infect you from a distance via Bluetooth. I can EQUALLY assert that NO infection will happen unless you run the app bluetoothed, or emailed to you! Does that make Windows PC ALMOST impervious to viruses? No!
    In MALWARE infection, it is of course the human factor responsible for ALL infections. You open the gate to infection by what you have DONE or (FAILED to do).
    A mobile device can never get effectively infected unless you (unwittingly) install an infected app on it and run that app. That fact is eternal – and omni_applicable – whether you run WebOS, CrackBerry, Bada, iOS, Android or Symbian!
    Are we saying – if I install an (infected) app on my Nokia 5800, it cannot, without my knowledge be doing things (the virulent portion of) the app is designed to do? ‘Yes?’ ‘No?’
    [SEVEN mobile Push Email app (attempts to) SEND(s) smses during installation. It does not ask for my permission to do so. It does not inform me if it fails to send the sms. Spending my credit without informing me or asking me – is virulent behavior. Any other compromised app can do lots more.]

    It is interesting to note that, in Symbian, to allow an app to perform privileged actions, all it needs – is for it to be signed for access to privileged systems resources. If I write a (truly useful) MALWARE (what does it matter what it is called?), sign it appropriately, post it where people will not be able to resist downloading and installing it, now tell me if I have not successfully compromised that OS (whether Symbian, or not!).
    One of the links quoted as a voice of authority clearly states this – about Symbian, ‘the OS makes access to ‘dangerous, propagating functions restricted to PROPER ‘SIGNED’ applications’. Haha! Well, Apple also tries to ensure that only proper APPROVED apps are installed on (unJailBroken) iDevices. Thus, we can also claim that iOS is close to impregnable too, right? Not so!

    The increasingly strident noise about viral infections on Android is due to the ubiquity – but more importantly, to the fact that there is absolutely nothing preventing me from writing a virus, putting it on the AppStore, and doing stealthy things on people’s Andy phones.

    More analogies?

    This house is an impregnable fortress – unless you leave the doors open. If it is impregnable, I want automatic machine-guns to open up once an intruder comes in, for pythons to bite, and anacondas to squeeze intruders to death, and Alsatians to bite out jugulars. You can then assert that that house is IMPENETRABLE! The impregnability would then not be predicated on a mentally-addled servant forgetting to lock a window, or turn on the burglar alarm system!
    So, I do not get all this logic about Symbian being safer than those ‘new kids on the block’.
    On one hand, it is being claimed that Symbian has a high level of security, on the other hand, a caveat is being THROWN IN – about the human factor.

  5. I once had a Samsung Galaxy SGHi9000 but I had to let go of it due to its intensive data gobbling tendencies. The phone would exhaust 100mb data bundle in less than 5 days with little or no use. I had to quietly jump ship back to Symbian.

  6. @Keweno, the trick could have been to find out EXACTLY what app(s) was/were gobbling up the data.

    I once had a similar problem on a netbook. I installed an application that monitors all attempts at data connection and easily identified the culprit.

  7. Before now, I would advise anyone without a larger than average data plan not to bother buying Android phones. They sure do have great appetite for data. However, with free apps off the market you can monitor which app is the culprit and use some other apps like droidwall to block it from data access. There are loads of apps on my phone that connect to the net all the time for which I benefit little or nothing. My dial pad is an example. Most cases there are alternatives to enjoying same services without such huge drain on your data plan. Just monitor your data usage and deal with the culprits.

  8. EyeBeeKay,

    The problem with your position springs from your refusing to get the basics of nomenclature and what each nomenclature means.

    As such, when you assert that a PC or mobile cannot get infected without running an infected app or file, you are wrong. Not all malware require human action to replicate and execute their tasks.

    Have you ever used your USB flash drive with someone else’s PC, copied a picture and then later found malware on that drive that had nothing to do with the file you copied?

    Some of the most dangerous malware are those that do not require your actions, and yet you want to ignore those guys.

    As such, Steve’s challenge is NOT laughable in any way. It is a valid challenge, because malware have been known to operate that way.

    Do read up on malware in detail – viruses, worms, trojans, et al.

    Some of the security holes that were plugged on Android and iOS of recent didn’t require user intervention. They were holes that would have been exploited from outside to compromise devices running those OSes.

    The same applies to PCs. Why would Microsoft bother with security fixes if all that was required was that users not click or run a file?

    In conclusion, yes; some malware require user intervention to run and/or replicate. But, you would be missing the full picture to think that was all to malware – on mobile or on PC.

  9. I get some of your point.

    But look at this from another perspective…

    (( Have you ever used your USB flash drive with someone else’s PC, copied a picture and then later found malware on that drive that had nothing to do with the file you copied? ))

    When you do a COPY, you are using system INTERRUPTS. There must have been a malware running (resident) in memory when you did that copy. That malware must have hijacked an ‘interrupt’, so that any COPY operation TRIGGERS other actions, as specified in the viral code.
    Human action still caused that infection.

    (( Why would Microsoft bother with security fixes if all that was required was that users not click or run a file? ))

    I ASSERT again, UNLESS either you, or the system you use has (DIRECTLY/INDIRECTLY) run a snippet of malware code, you can not have an infection!

    If a malware exploits a security hole, an innocent action (like that ‘copy’ example) represents the trigger. So, you are indirectly running infected code.

    If a trojan is programmed to ‘wake up’ on, say, Dec 31, 2011, if you set your system date to that date, you HAVE RUN that trojan! If you put on your system on THAT DATE, you have run that trojan!

    A malware infection is a chain.
    At the root of all infections – YOU HAVE A SNIPPET OF CODE THAT WAS EXECUTED DIRECTLY BY A HUMAN BEING. I will repeat that. At the root of all viral infections – YOU HAVE A SNIPPET OF CODE THAT WAS EXECUTED DIRECTLY BY A HUMAN BEING.

    All malware need TRIGGERs to swing into ACTION. Triggers are always due to HUMAN ACTION. A trigger like putting on your system (an infected Master Boot Record [MBR] made to run virulent code), a flash drive inserted in a USB port (a resident_in_memory malware can detect that ACTION, and do whatever it is programmed to do), opening an Excel worksheet with compromised embedded MACROS.

    As to Litchfield’s challenge, it IS laughable. Just re-read what I said about running a ‘properly_signed’ Symbian App (with embedded virulent code). An app can be written that can do ANYTHING on that Symbian phone. How about deactivating the screen on a touchscreen phone – every 15 minutes, for an example? All that needs to happen is – get people to download and install the ‘tainted’ app, ensure it has appropriate ‘access privileges’, and it is a done deal. Symbian compromised.

    Do you now see the preposterousness in Steve Litchfield’s ancient challenge? I do!

    (***

    As a side note, rather than bother with antivirus programs, I install an app like [Mamutu by EmsiSoft] on my netbook. [Mamutu] watches (in the background) for viral-like activity, and alerts you. You can then (dis)approve the behaviour for that application, and that rule is saved.

    Thus a program trying to heuristically modify code surreptitiously is detected, an app trying to download / install anything in the background is unmasked, etc.

    ***)

  10. EyeBeeKay,

    In your last response, you have taken the issue of human action to an extreme, but then that’s okay. If we accept your premise of human action, Steve’s challenge remains valid. He said he would put on his Bluetooth and even accept SMS and MMS. In accepting Bluetooth files, and sms and MMS to be copied to his device, that is human action; isn’t it? But even with that, his phone still can’t get infected.

  11. The reason I insist Steve’s challenge is ludicrous is made lucid by this…

    A trigger (human or otherwise) is needed to ANIMATE a malware.

    If I bluetooth a malware to Steve’s phone, let him install that app. Let him run it. Then let him show how Symbian will stop that app from uninstalling something, voting contacts, or any other thing the malware is designed to do. As long as that app has the right privileges, it will do its EVIL deed unhindered.
    THAT is the crux of the matter.

    His challenge means NOTHING. Most people that get their mobile device compromised do so BY INSTALLING & RUNNING infected apps. That holds true for ANY mobile OS.

  12. EyeBeeKay,

    It is your position that is ludicrous. NO-ONE runs an infected app deliberately. NO OS – mobile or PC – stops a malware that is deliberately run from within it.

    I gave you an example: you copy a file to your PC and malware is copied along that run on their own without any further human intervention. That is what Steve’s challenge addresses.

    If certain malware can replicate, infect and harm a PC silently as described above, Steve has asked for a demonstration of that on his Symbian devices.

    You are playing a game of double standards here, my friend.

  13. I need to take sides with Yomi in the first instance. Not all malware requires an active role from a user. Sometimes, a malware could subtly enter your system and do its mal-function without you knowing.

    And there are some boot sector viruses that don’t need one to copy a file from a flash before they infect a system. Once you plug in the Flash drive into a PC’s USB port a boot loader virus will just start its action. You do not need to copy or click on anything. I’ve learnt this the hard way.

    Finally, no one dares a hacker that his system is safe. There is always a way in. A hacker can exploit Bluetooth, flash or PDF plug-ins to carry out his nefarious activity. My man Steve should be careful not to annoy LulzSec, or Anonymous. Those guys put fears into the hearts of big guys like the CIA!

    In the Pwn2Own competition coming soon, hackers hack ALL mobile OSes to own them, along with cash gifts. No mobile OS has stood against those gifted hackers without falling from their hacking prowess to this day.
