WhatsApp in violation of privacy law.

Some very sensitive communications happen over WhatsApp

WhatsApp Inc., the company behind the hugely successful cross (mobile) platform messaging app, have been hauled over the coals subsequent to a joint investigation by the Dutch Data Protection Authority and the Office of the Privacy Commissioner of Canada. Their joint news release from the 28th January finds that WhatsApp is guilty of

“violating certain internationally accepted privacy principles, mainly in relation to the retention, safeguard, and disclosure of personal data”.

These findings reinforce the conclusions that David Sancho came to last year when researching the security of mobile apps, and also the conclusions of a recently released Ponemon study into data privacy.

The investigation ran over several months and resulted in three key findings. Two of the issues have already been substantially resolved by WhatsApp Inc., but a third remains outstanding.

Google Android rooted, backdoored, infected.

Image from MJ/TR Flickr under Creative Commons


 
The folks over at Android Police published details yesterday of what they describe as “the mother of all Android malware”, which was initially spotted by Reddit contributor lompolo.
 
Lompolo posted details of 21 Android apps which were repackaged versions of legitimate apps; at the current count, more than 50 malicious apps appear to be involved. The repackaged versions include the rageagainstthecage or the exploid exploit, which is capable of gaining root access to the device. Not only do these trojanised apps steal device details such as IMEI and IMSI, but they also install further hidden malware which siphons even more user information off the device and into the hands of criminals. Further research from Android Police reports that this second payload also contains a dropper capable of downloading further code.
 
In a response to the initial posting by lompolo, one of the developers of the legitimate apps that have been hijacked commented:
 

“I’m the developer of the original Guitar Solo Lite. I noticed the rogue app a bit more than a week ago (I was receiving crash reports sent from the pirated version of the app). I notified Google about this through all the channels I could think of: DMCA notice, malicious app reporting, Android Market Help… they have yet to respond. Thankfully this was posted on Reddit, since after the post the rogue dev and all his apps have been removed from the market. There really should be a faster/easier way to get Google to act on it!”

 
Trend Micro detect this threat (popularly known as DroidDream) as ANDROIDOS_LOTOOR.A; further details are in the link.
 
During the five days these apps were available, an estimated 50,000 downloads took place. Google have now pulled the apps and blocked the rogue developer from Android marketplace; they have also remotely removed the apps from affected handsets. Of course, this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection. So if you are one of the estimated 50,000 people who have downloaded these malicious apps, it could be worth your while investigating the possibility of getting a replacement handset or, if possible, reinstalling the operating system on the one you have.
 
The Android app ecosystem is by definition open: there is a wide array of app stores available, and apps can be published to the user community in minutes. This greater openness of the developer environment has been argued to foster an atmosphere of creativity, but as Facebook have already discovered, it is also a very attractive criminal playground.
 
It is worth remembering that full security suites are now available for Google Android, such as this one. The number of threats to mobile platforms is growing, and growing at a steady rate. Of course the sheer volume of mobile malware is a long way from the epidemic proportions of Windows-based malware, but criminal interest is clearly there and growing. We see multi-platform attacks distributed by the same criminal groups that traditionally have focused on Wintel systems, and the growth in complexity of threats is striking; ZeuS malware, for example, now incorporates mobile elements aimed at intercepting SMS banking authentication codes. Criminals are driven by consumer behaviour, and as the money-making opportunities move to mobile platforms criminals will follow; in fact, they already are.
 
A full list of the trojanised apps, published by Myournet, is:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

 
The Guardian have published an expanded list of apps believed to be trojanised in this way here.
 

An unwanted favour from India

I just received a call, not for the first time, from a call centre located in India. The caller knew my name and used it as if to demonstrate that this was not a cold call. Normally I hang up on this kind of call, but this time I decided to let them roll… This kind of scam is nothing new, but it seems to be on the rise and the potential for profit must be great. I want to do my bit for raising awareness with this blog post.
 

Image courtesy of alexkerhead's Flickr photostream

  

The helpful caller identified himself as working for a company called My PC Care and explained that he was a Microsoft Certified Professional. According to this bogus technician there are some pretty nasty files “more dangerous than viruses” doing the rounds. These files were so dangerous, he explained, that some 40% of Microsoft Windows users had “lost their computers”. As a result they were calling “all users of Microsoft Windows” (an ambitious task) to repair the damage before all was lost.
  
I played along with them and expressed concern that my computer might also fall victim, so the helpful technician began taking me through some entirely bogus “troubleshooting”. In brief, I was asked to open the Windows Event Viewer. The scammer encouraged me first to look in the Application Log, where he was sure I would find several Errors and Warnings. Lo and behold, he was correct. To be honest, in all the years I have been involved in IT I have yet to see a Windows PC without errors and warnings in the Event Viewer, but of course these scammers are relying on the unfamiliarity of their victims and hope to scare them and at the same time gain credibility.
  
The engineer was very insistent that I should not click on or open any of these Error messages because “they are the malicious infections”, warning in doom-laden tones that after about two weeks this would “crash my hard drive”. I was then asked to repeat this charade looking through various other Event Viewer logs; each time the dire predictions of impending disaster got worse.
  
My ever helpful technician-scammer guy suggested that now would be a good time to transfer me to his supervisor so that they could clean up these dangerous files once and for all, and I agreed, anxious of course that my computer might be on the edge of silicon Armageddon. Unfortunately my fun was coming to an end: the supervisor wanted me to use the (entirely legitimate and very helpful) service LogMeIn.com to permit their technicians remote access to my computer, at which point they would have been free to do whatever they liked. Of course I had to decline and hang up at that point.
  
So what is the point of this kind of scam, you might ask? Well, once you have granted remote access to your computer to a complete stranger, they really are free to do whatever they want: install malicious software to steal information, look through, modify or copy your personal files or, in this case, simply pretend to fix some non-existent problem, charge you for the pleasure and then sell you a subscription to their services.
  
The scam seems to have started out in countries where English is a first language, but emboldened by their successes and perhaps hungry for more money, the scammers seem to be constantly on the lookout for new targets. Expect to see this showing up on a telephone near you soon.
  
Should you ever receive a call from anyone claiming to know that your PC is infected, or that you are having performance problems, just hang up; it’s a lot less painful than playing along. Remember also, just as a rule of thumb, never confirm anything, even your name, to anyone over the telephone until they have satisfied you of their integrity first.