
Security Response

Showing posts tagged with Android
Showing posts in English
Irfan Asrar | 12 Oct 2011 09:22:13 GMT | 0 comments

Contributors: Shunichi Imano

October 2011 marks the eighth annual “National Cyber Security Awareness Month” to be held in the United States. One highly visible concern that makes this year different from previous years is the triple-digit growth rates that are being reported across the board by every antivirus vendor when it comes to threats discovered that target mobile devices. Although the main points made in these reports remain largely the same, it is clear that mobile malware has not only come of age, but that the growth rate has been unprecedented. An underlying message comes across loud and clear: indisputably, everyone agrees that criminals targeting mobile devices have become a force that is here to stay, becoming as ubiquitous as the devices/platforms themselves.

But just when you think you have seen it all, along comes another twist, demonstrating that there is no shortage of ideas when it comes to social engineering. Because of the so...

Irfan Asrar | 15 Aug 2011 20:33:04 GMT | 0 comments

After a public outcry and a write-in campaign failed to convince the creators of ‘Dog Wars’ to discontinue work on their app, it appears that protester(s) have now taken to targeting the users of the app directly in order to get their message across. Symantec has discovered that Trojan code was planted into an older version of ‘Dog Wars’ (Beta 0.981) that can still be found circulating on warez sites. This version has not been found on the official Android Market.

Agreement by the user to grant the permissions requested by the app (which will include SMS permission) will allow for the app to be installed. Upon installation, the display icon of the legitimate app looks almost identical to that of the app that has been bundled with the Trojan (on devices with a screen size of 3 – 3.5 inches). In fact, they looked so similar, we almost failed to spot this...

Irfan Asrar | 03 Aug 2011 15:58:24 GMT | 0 comments

Threats making or transmitting unauthorized audio recordings are not a new concept, though they have largely been limited to proof-of-concept demonstrations and final-year university projects. This is a vector that generates a lot of intrigue from researchers, as it pertains to many facets in security, such as data loss prevention and mobile threats, not to mention the changing face of the threat landscape. It is also something we have blogged about previously. Thus, when we received several inquiries about an Android threat we discovered over a week ago, and its ability to upload recorded voice conversations to a remote server, I decided to take a second look at the threat Android.Nickispy.

This app was available on...

Mario Ballano | 29 Jun 2011 19:35:24 GMT | 0 comments

We have been taking a close look at Android threats since they first appeared, looking for ways to analyze and classify them, as well as looking at possible attack vectors they may use in the near future. Some of our research has uncovered how Android applications could potentially exploit other installed applications to steal their private information or execute malicious code. In particular, we came across something that resembles Windows DLL Hijacking. Bear in mind that we are not talking about Android vulnerabilities per se, but application-specific issues. We found a few applications in the Google Android Marketplace that were susceptible to this attack and have notified the application developers accordingly.

Android provides APIs that allow an application to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time. Unfortunately...

Carey Nachenberg | 27 Jun 2011 21:08:09 GMT | 0 comments

The mass adoption of both consumer and managed mobile devices in the enterprise has increased employee productivity, but has also exposed the enterprise to new security risks. Our latest research is a deep dive into the current state of mobile device security. You can read the whitepaper in its entirety here.

More than anything else, the analysis shows that while the most popular mobile platforms in use today were designed with security in mind—and certainly raise the bar compared to traditional PC-based computing platforms—they may still be insufficient for protecting the enterprise assets that regularly find their way onto these devices.

Today’s mobile devices also connect to an entire ecosystem of supporting cloud and desktop-based services. The typical smartphone synchronizes with at least one public cloud-based service that is outside enterprise control. At the same time, many users also directly synchronize...