Security Response
Showing posts tagged with Mobile & Wireless
Irfan Asrar | 10 Jan 2012 16:13:58 GMT

2011 has seen some dramatic changes in the mobile landscape, with the ever-increasing growth rates in consumer adoption of smart phones. This has not gone on without getting the attention of the criminal fraternity, which has turned its attention to mobile malware. But what remains to be seen is if this trend moves beyond the stage of testing the waters to actually making a significant impact, reaching the scales we associate with threats for Windows. If the activities of the past week are any indicator, then 2012 is off to an interesting start. Another scam has come to our attention, this time targeting Android users in France, attempting to exploit the frenzy surrounding Carrier IQ.

From our analysis, Android.Qicsomos is a modified version of an open source project meant to detect Carrier IQ on a device, with additional code to dial a premium SMS number. On installation,...

Irfan Asrar | 03 Aug 2011 15:58:24 GMT

Threats making or transmitting unauthorized audio recordings are not a new concept, though they have largely been limited to proof-of-concept demonstrations and final-year university projects. This is a vector that generates a lot of intrigue from researchers, as it pertains to many facets in security, such as data loss prevention and mobile threats, not to mention the changing face of the threat landscape. It is also something we have blogged about previously. Thus, when we received several inquiries about an Android threat we discovered over a week ago, and its ability to upload recorded voice conversations to a remote server, I decided to take a second look at the threat Android.Nickispy.

This app was available on...

Irfan Asrar | 18 Jul 2011 19:54:16 GMT

A quick online search would reveal a number of articles declaring any one of the last few years as being the “year of mobile malware.” Conversely, these searches also reveal claims that the same years are not going to be the year of mobile malware. These search results go back as far as the early part of the decade. The contradictory nature of these bold predictive headlines could be explained by the fact that the articles are typically written at the beginning of each year—and who knows what the year may hold at the outset?

But, if the criteria to qualify 2011 as the real "year of mobile malware" were to be challenged, then surely the events of the past few weeks alone should be enough to justify the fact that this year truly has seen considerable seismic activity that has shifted the tectonic plates of the mobile threat landscape.

Mathew Maniyara | 06 Jul 2011 18:21:50 GMT

Technologies in cell phones are advancing day after day, and so phishers are also seeking various means to exploit vulnerable cell phone users. The two key areas in which we can see this trend are, firstly, the increase in phishing against wireless application protocol (WAP) pages, and secondly, the use of compromised domain names that have been registered for mobile devices.

Many legitimate brands have designed their websites for cell phones or WAP pages. The difference between a WAP page and a regular Web page is that the WAP page uses reduced file sizes and minimal graphics. This is done for cell phone compatibility and also to achieve higher browsing speeds while the user is on the move. Symantec has recorded phishing sites spoofing such Web pages and has monitored the trend. In June, social networking and information services brands were observed in these phishing sites. In the example shown below, the phishing page consists of nothing more than a form asking for users...

Mario Ballano | 29 Jun 2011 19:35:24 GMT

We have been taking a close look at Android threats since they first appeared, looking for ways to analyze and classify them, as well as looking at possible attack vectors they may use in the near future. Some of our research has uncovered how Android applications could potentially exploit other installed applications to steal their private information or execute malicious code. In particular, we came across something that resembles Windows DLL Hijacking. Bear in mind that we are not talking about Android vulnerabilities per se, but application-specific issues. We found a few applications in the Google Android Marketplace that were susceptible to this attack and have notified the application developers accordingly.

Android provides APIs that allow an application to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time...

Spencer Parkinson | 20 Apr 2011 07:50:45 GMT

More than ever before, smartphones are keeping us connected both personally and professionally. Because most of us have a preference as to the ideal smartphone, IT departments are increasingly being tasked with managing a mix of business-liable and employee-liable devices. This trend has become known as the consumerization of IT.

Symantec has developed a short survey to get smartphone end users’ perspectives on this trend. We’d also like to learn more about how your employer is managing the growing use of smartphones, especially those being purchased and brought into the organization by employees. The quick five minute survey can be found here:

Once you’ve taken the survey, please stay tuned to the original post that resides in the...

khaley | 17 Nov 2010 13:50:44 GMT

My prediction is that we are all going to become nostalgic for the days of fame-seeking mass mailers and network worms. Think of LoveLetter, SQL Slammer, and Melissa all crashing millions of systems within hours of being released into the wild. Those threats seem quite quaint these days as we enter the third significant shift in the threat landscape.

We moved from fame to fortune (which we have dubbed “crimeware”) in the last ten years. Mass mailers were replaced by malware that steals credit card information and sells phony antivirus products. Malware has become a successful criminal business model with billions of dollars in play. The goal became stealth and financial gain at the expense of unsuspecting computer users. And Trojans and toolkits, like Zeus, are the modern tools of the trade.

We have now entered a third stage—one of cyber-espionage and cyber-sabotage. Cyber-espionage did not begin with Stuxnet, and crimeware does not end with it. In...

Symantec Security Response | 16 Aug 2010 18:14:25 GMT

A few days ago we came across an interesting application in the Android Market, which we’ve decided to detect as AndroidOS.Tapsnake. Why are we detecting this? A cursory read through the description doesn’t tell us much, other than it’s a spin on the classic “snake” video game, which dates back to the 1970s:

"Yet another modification of the Google Android Snake game. This one listens to the taps for its turn directions." 

Sure enough, after downloading and registering the game it plays as you might expect it to:

However, the Android “satellite” icon appeared in the top menu bar while the game was running, indicating that GPS data was being...

khaley | 03 Aug 2010 17:35:57 GMT

It seems like almost everyone I know has an iPhone, or at least wants one. Among iPhone users in the U.S.—where the phone’s operating system is locked and customers are limited to just one carrier—jailbreaking the devices is almost as popular. Jailbreaking Apple devices such as the iPhone essentially unlocks the operating system to allow root access, enabling users to make additional customizations to their phones.

Jailbreaking iPhones has its risks, because it opens the door to the devices becoming more susceptible to attack and malware infection. Another concern is that the vulnerabilities in the devices that the jailbreak code exploits could also be used to carry out malicious attacks against the users of the phones.

Just yesterday, such an exploit was published, targeting the fourth generation iPhone for the purpose of jailbreaking the device. Thankfully, the details of the exploit are not publicly documented and the...

Mathew Maniyara | 28 Jul 2010 09:27:50 GMT

In July 2010, several phishing sites were observed to be spoofing social networking brands. This in itself is nothing new, but this time the sites were posting fake offers for free online mobile phone airtime top-ups. The phishing pages displayed the icons for a number of popular cellular service providers in India. Upon entering login credentials on the phishing site, the page displayed certain steps for the user to follow to obtain the fake offer:

First, the customer is asked to select the amount of airtime recharge in rupees, which should not exceed Rs 500 per day. Then, after selecting the amount, the phishing site generates a Java code. The user is then prompted to use the Java code whenever he or she requires a free mobile recharge. The page states that the Java code has to be entered on the address bar after...