Is your Android running a temperature?

You might have heard about botnets, i.e. networks of infected (Windows) computers which are, without their owners' knowledge, under the control of a malicious party. Public examples of botnets in action are attacks against the FBI, the U.S. Department of Justice, or against Universal and Warner Music as a retaliation for the shutdown of Megaupload.com. But have you ever heard of a botnet made of Android phones?

 

Some apps available from your favorite app store are malicious and try to steal your private data once installed or auto-dial expensive premium phone numbers.

Unfortunately, the open model for Android apps employs neither quality control nor an approval process. Several Android apps, e.g. wallpaper apps and sound clips, have already been identified as being malicious. Symantec recently reported at least 13 different malicious apps which are suspected of forming a botnet of thousands of mobile phones. If you run apps from “iApps7 Inc.” (e.g. “Counter Elite Force” or “Heart Live Wallpaper”), from “Ogre Games” (e.g. “Balloon Game”, “Deal & Be Millionaire”, or “Wild Man”), or from “redmicapps”, then beware, as your phone might have been compromised.
 
For further details and mitigations, please check the corresponding advice from Symantec. iPhones, iPads etc. are less affected since Apple tightly controls their app store. But the risk remains high for those who have jail-broken their iOS devices. Generally, be aware that mobile phones must be protected like normal computers: keep your system up-to-date, enable the regular automatic installation of updates/patches, and do not install untrusted software from untrusted sources. Check out our guidelines for protecting your PC here. Much of it can be applied directly to your mobile phone, too.
 
For further information, please check our web site or contact us at Computer.Security@cern.ch.

by Computer Security Team