Warning: Creating default object from empty value in /home/ict-forward/www-apps/wp-svn/wp-includes/ms-load.php on line 138
mobile phones « The FORWARD project blog

Posts Tagged ‘mobile phones’

New Trojan affects Android devices

Friday, January 7th, 2011

A new sophisticated Android Trojan, dubbed “Geinimi”, emerged in China compromising devices, bundling with botnet-style functionality.

The malware sends personal data of a user’s phone to a remote server and is also capable of receiving commands from, controlled by hackers, remote servers, in order to control the phone. Mobile security firm Lookout describes the malware as the most sophisticated to appear on Android devices wich has been uploaded onto third-party Chinese Android app markets, poses as gaming applications(Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, Baseball Superstars 2010).

When Geinimi is launched, collects significant information like location coordinates, unique identifiers for the device (IMEI) and SIM card (IMSI) and attempts to connect to a remote server to transmit the collected device information.

The security firm already updated both free and paid versions of its software to protect against Geinimi.

source:http://blog.mylookout.com/2010/12/geinimi_trojan/

Analysis of Android Froyo uncovers 88 flaws exposing users’ data

Sunday, November 28th, 2010

A study by Coverity unveils 88 flaws exposing users’ data. The study examined the publicly disclosed version of the Android kernel. Among the discovered defects in Android there where memory corruptions, memory illegal accesses and resource leaks. All mentioned defects are considered high-risk.
Coverity said it won’t release details until January. This way it allows Google and handset vendors to issue fixes.
While Android is the OS of about 26% of the smart-phones worldwide[2] and  companies are supplying their employees with smart-phones for mixed business and personal use, malicious software could be deployed to extract informations from companies.

[1] http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf

[2] http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Mobile_devices

Mobile network hack reveals sensitive cellphone data

Saturday, April 24th, 2010

Researchers have shown how easy is to find the number of most US-based mobile phone structural cracks in GSM mobile networks and to track practically any GSM-enabled handset through the world.

In the end of 2008 Tobias Engel demonstrated how to find the whereabouts of mobile phones by tapping into mobile network databases. An independent researcher Nick DePetrillo from the Source Conference in Boston Wednesday, and Don Bailey of iSec Partners proved how with related techniques it is possible to find a person’s spot even when his number is unknown and to gather other details which most users assume are undetectable.

(more…)

Are smartphones secure?

Monday, January 25th, 2010

Today’s smartphones are no more normal mobile phones, they are small personal computers. Therefore threats for smartphones are the same as for personal computers. The only difference form this point of view is that personal computers generally use Microsoft Windows as operating system, whereas there are a wide variety of mobile platforms. Due to this fact mobile platforms are harder to attack.

But the biggest danger for a mobile phone is one that is not one for personal computers: You can lose your mobile phone. This is not only a danger for smartphones but also for all mobile devices containing personal information. Another danger for smartphones is leaving them unattended or loaning it to people because they can install spyware on your smartphone. Additionally to spyware there are mobile viruses, worms and Trojans threatening your smartphone. They can spread using e-mail or via SMS.

Generally speaking, web-based and e-mail attacks are as possible with smarthones as they are with personal computers. Wi-Fi and Bluetooth are two technologies which can be dangerous too. Wi-Fi can be attacked by a man-in-the-middle attack and Bluetooth is also a target for attacks. A good discussion of Bluetooth security you can find here: part1, part2. Here you can find a FAQ on how to use your smartphone securely. Another interesting article about smartphone security can be found here.

GSM-encryption hacked

Monday, January 18th, 2010

The communication over the gsm network is no longer secure. At the 26th Chaos Communication Congress in Berlin the security researcher Karsten Nohl from Germany presented how to eavesdrop cell phones without high financial and technical costs.

The encryption algorithm(A5/1) of the gsm network is over 20 years old and can be hacked by non-professionals with relatively easy means in a short time. Nohl said that he and his helpers had successfully hacked the gsm-encryption algorithm in a distributed attack within three month and with 40 computers. The needed codebook with the rainbow tables is already distributed via file sharing networks. With this practical tutorial for hacking the gsm network the attacks will be considerably faster in the future.

Therefore the Chaos Computer Club asks for a stronger encryption of the gsm network from the industrial association GSMA. The GSMA denies this because they say that although hacking the gsm network is theoretically possible, it is practically improbable and the application of the presented method of hacking the gsm network is in many countries illegal.

This news is based on a german article which can be found here.

T-Mobile hacked

Thursday, June 11th, 2009

According to The Register, hackers have hacked into T-Mobile’s computers and the hackers claim they have stolen corporate data, customer accounts and the lot. As proof, they posted some configuration files that appear to be genuine.

“We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.”

Really quite worrying. If true, I am curious what is meant by ‘customer accounts’, Would that include ways to get to call records? Personally, I think the opportunities and increasing incentive to use mobile devices (or information about their use) for malicious activities scary.

T-Mobile is in denial: “There is no evidence customer data is compromised.”