The malware sends personal data of a user’s phone to a remote server and is also capable of receiving commands from, controlled by hackers, remote servers, in order to control the phone. Mobile security firm Lookout describes the malware as the most sophisticated to appear on Android devices wich has been uploaded onto third-party Chinese Android app markets, poses as gaming applications(Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, Baseball Superstars 2010).

When Geinimi is launched, collects significant information like location coordinates, unique identifiers for the device (IMEI) and SIM card (IMSI) and attempts to connect to a remote server to transmit the collected device information.

The security firm already updated both free and paid versions of its software to protect against Geinimi.

source:http://blog.mylookout.com/2010/12/geinimi_trojan/

[1] http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf

[2] http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Mobile_devices

In the end of 2008 Tobias Engel demonstrated how to find the whereabouts of mobile phones by tapping into mobile network databases. An independent researcher Nick DePetrillo from the Source Conference in Boston Wednesday, and Don Bailey of iSec Partners proved how with related techniques it is possible to find a person’s spot even when his number is unknown and to gather other details which most users assume are undetectable.

The information disclosure hack works by tricking the GSM caller ID system into assembling what amounts to a white pages directory of nearly every mobile phone number. In order to do that, the researchers DePetrillo and Bailey established a voice over IP account that included caller ID. Moreover, they called the account over and over by using enormous blocks of spoofed numbers and logged the caller ID production of each one by using an Asterisk server.

The cataloged lookup information let them to find individuals related to the numbers and vice versa. Furthermore, it disclosed huge pools of numbers that were part of private corporations and government agencies.

Nevertheless, DePetrillo and Bailey blocked the numbers they wanted to trace into the so-called HLR, or home location register. The database, and the larger SS7 protocol to which it belongs, in many respects is to mobile networks what TCP/IP is to the internet, allowing cellular carriers to place the position of a receiver so it can accept voice or text traffic.

The techniques develop functionality built into GSM networks to ensure the fact that calls can be routed dependably to an earpiece wherever in the world it’s situated. As such, it will be difficult to fix the revelation threat without breaking the networks.

For more information read the following article:

http://www.theregister.co.uk/2010/04/22/gsm_info_disclosure_hack/

But the biggest danger for a mobile phone is one that is not one for personal computers: You can lose your mobile phone. This is not only a danger for smartphones but also for all mobile devices containing personal information. Another danger for smartphones is leaving them unattended or loaning it to people because they can install spyware on your smartphone. Additionally to spyware there are mobile viruses, worms and Trojans threatening your smartphone. They can spread using e-mail or via SMS.

Generally speaking, web-based and e-mail attacks are as possible with smarthones as they are with personal computers. Wi-Fi and Bluetooth are two technologies which can be dangerous too. Wi-Fi can be attacked by a man-in-the-middle attack and Bluetooth is also a target for attacks. A good discussion of Bluetooth security you can find here: part1, part2. Here you can find a FAQ on how to use your smartphone securely. Another interesting article about smartphone security can be found here.

The encryption algorithm(A5/1) of the gsm network is over 20 years old and can be hacked by non-professionals with relatively easy means in a short time. Nohl said that he and his helpers had successfully hacked the gsm-encryption algorithm in a distributed attack within three month and with 40 computers. The needed codebook with the rainbow tables is already distributed via file sharing networks. With this practical tutorial for hacking the gsm network the attacks will be considerably faster in the future.

Therefore the Chaos Computer Club asks for a stronger encryption of the gsm network from the industrial association GSMA. The GSMA denies this because they say that although hacking the gsm network is theoretically possible, it is practically improbable and the application of the presented method of hacking the gsm network is in many countries illegal.

This news is based on a german article which can be found here.

“We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.”

Really quite worrying. If true, I am curious what is meant by ‘customer accounts’, Would that include ways to get to call records? Personally, I think the opportunities and increasing incentive to use mobile devices (or information about their use) for malicious activities scary.

T-Mobile is in denial: “There is no evidence customer data is compromised.”