Smartphone malware apps
in [UK Mac]
|
From: Justin C on 10 Aug 2010 06:10 R4 Today programme mentioned apps for smartphones that were snaffling user data and passwords and sending them off to naughty people... or at least to the authors who must be a bit dodgy. Author of the peice said that in x number of days he'd written his own snaffling program, and that he doesn't know how to write software. What I'm curious about is whether any of these have been found on iOS, have they been found in the app store? Or is it just other OS phones that are seeing these due to weakness in the OS? Justin. -- Justin C, by the sea.
From: Woody on 10 Aug 2010 07:37 Justin C <justin.1007(a)purestblue.com> wrote: > R4 Today programme mentioned apps for smartphones that were snaffling > user data and passwords and sending them off to naughty people... or > at > least to the authors who must be a bit dodgy. Author of the peice said > that in x number of days he'd written his own snaffling program, and > that he doesn't know how to write software. > > What I'm curious about is whether any of these have been found on iOS, > have they been found in the app store? Or is it just other OS phones > that are seeing these due to weakness in the OS? They have been found on android. The thing is not really anything to do with any weakness in the OS, it is perfectly legitimate for an application to want to get this data under certain circumstances, it is a question of how much data it gets and what it does with it. Reading back you said passwords, I hadn't heard of that, and that would be a flaw, the android thing was just getting names and numbers. Clearly if he knows how to get passwords from an application he wrote, he really does now how to write software, so wonder what else he is lying about? -- Woody
From: ray on 10 Aug 2010 07:41 Justin C <justin.1007(a)purestblue.com> wrote: > R4 Today programme mentioned apps for smartphones that were snaffling > user data and passwords and sending them off to naughty people... or at > least to the authors who must be a bit dodgy. Author of the peice said > that in x number of days he'd written his own snaffling program, and > that he doesn't know how to write software. > > What I'm curious about is whether any of these have been found on iOS, > have they been found in the app store? Or is it just other OS phones > that are seeing these due to weakness in the OS? > You would hope anything in the AppStore was safe. Apps available to Jailbroken iPhones might be worth a caution. Is there any worthwhile and effective anti malware app available for iOS? -- http://www.dream-weaver.com/email.php Web development promotion and seo http://www.spaldingcomputers.co.uk http://www.overseasmovingsolutions.com/
From: James Dore on 10 Aug 2010 09:36 On Tue, 10 Aug 2010 11:10:11 +0100, Justin C <justin.1007(a)purestblue.com> wrote: > > R4 Today programme mentioned apps for smartphones that were snaffling > user data and passwords and sending them off to naughty people... or at > least to the authors who must be a bit dodgy. Author of the peice said > that in x number of days he'd written his own snaffling program, and > that he doesn't know how to write software. > > What I'm curious about is whether any of these have been found on iOS, > have they been found in the app store? Or is it just other OS phones > that are seeing these due to weakness in the OS? > > Justin. > They're unlikley to be found via legitimate means, i.e. the AppStore, but there are a couple of unpatched vulnerabilities in iOS that could lead to them being installed silently. It requires a specially-crafted PDF file that allows arbitrary code execution, which then runs code to break out of the application sandbox and in effect gain root access to the device. It's one of the processes for jailbreaking them, but could easily be adapted for nefarious purposes. http://www.theregister.co.uk/2010/08/03/ios_jailbreak_howdunnit/ http://www.theregister.co.uk/2010/08/04/apple_ios_security_bug/ Cheers, James -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
From: Mark on 10 Aug 2010 10:38 On Tue, 10 Aug 2010 14:36:54 +0100, James Dore wrote (in article <op.vg75fsexjrtqts(a)terao.new.ox.ac.uk>): > On Tue, 10 Aug 2010 11:10:11 +0100, Justin C <justin.1007(a)purestblue.com> > wrote: > >> >> R4 Today programme mentioned apps for smartphones that were snaffling >> user data and passwords and sending them off to naughty people... or at >> least to the authors who must be a bit dodgy. Author of the peice said >> that in x number of days he'd written his own snaffling program, and >> that he doesn't know how to write software. >> >> What I'm curious about is whether any of these have been found on iOS, >> have they been found in the app store? Or is it just other OS phones >> that are seeing these due to weakness in the OS? >> >> Justin. >> > > They're unlikley to be found via legitimate means, i.e. the AppStore, but > there are a couple of unpatched vulnerabilities in iOS that could lead to > them being installed silently. It requires a specially-crafted PDF file > that allows arbitrary code execution, which then runs code to break out of > the application sandbox and in effect gain root access to the device. It's > one of the processes for jailbreaking them, but could easily be adapted > for nefarious purposes. > > http://www.theregister.co.uk/2010/08/03/ios_jailbreak_howdunnit/ > http://www.theregister.co.uk/2010/08/04/apple_ios_security_bug/ > > > Cheers, > James > I did see something called PDFOpener (or similar) in Cydia. If memory serves it was an app to warn about rogue PDFs opening (or trying to open) Mark
|
Next
|
Last
Pages: 1 2 Prev: MacBook Pro problem (USB Hub) Next: iPod Touch birthday pressie - app suggestions |