Hundreds of Google Play Apps Create Spoofed Messages in Users' SMS Inboxes: Symantec
Added 7th Nov 2012About 200 Android applications currently hosted on Google Play create spoofed SMS messages on the devices they are installed on, according to security researchers from antivirus vendor Symantec.
This technique can theoretically be used for SMS phishing, a type of attack where users are asked for sensitive information or to subscribe to paid services through rogue SMS messages that appear to originate from a trusted source.
However, the applications detected so far use the technique for other purposes, like displaying advertisements, Mario Ballano, a security researcher at Symantec, said Monday in a blog post.
Last Friday, security researchers from North Carolina State University announced the discovery of a so-called "smishing" (SMS phishing) vulnerability in the Android Open Source Project (AOSP) -- the code that serves as the basis for most Android firmware created by phone manufacturers.
The vulnerability allows a running app without any special permissions to directly write text messages with spoofed sender addresses (telephone numbers) and arbitrary content in the user's SMS inbox.
"We believe such a vulnerability can be readily exploited to launch various phishing attacks," Xuxian Jiang, an associate professor in the Department of Computer Science at NC State University, said at the time. The Google Android Security Team was notified and confirmed that a change will be made in a future Android release to stop this behavior, he said.
However, the code to generate such spoofed SMS messages locally has been publicly documented and used since August 2010, Ballano said.
"We have recorded more than 250 applications that contain code using this technique including 200 that are currently available on Google Play with millions of combined downloads," the researcher said. "Some of the applications use the code to better integrate text messaging with instant messaging or other online services. The vast majority are using an ad-network software development kit (SDK), which pushes ads straight into your SMS inbox."
Even though Symantec has not yet detected an app that used this technique for SMS phishing, users should be wary of the source of any suspicious incoming text messages until Google solves this problem in Android, Ballano said.
-
GE Thinks it's Time to Put Industrial Data in the Cloud
Internet tools are just starting to be applied to industrial tasks such as maintaining equipment and optimizing operations, but the wealth of data being produced by industrial systems could make this a major focus of development in the coming years.
-
Microsoft Slashes Surface RT Prices by 60% for Schools
Microsoft today confirmed that it has heavily discounted the Surface RT tablet to universities and K-12 schools, cutting the price of the entry-level model by 60%.
-
Microsoft Dynamics ERP Software Now Available on the Azure Cloud
Microsoft is upping the stakes in the growing market for cloud-based ERP, with its Dynamics GP 2013 and NAV 2013 products now available for deployment on its Azure service.
-
Icahn Acquires Larger Stake in Dell, Proposes New Buyout Deal
Carl Icahn has acquired a larger stake in Dell and called for a better buyout offer than the proposal of US$13.65 per share from Michael Dell and Silver Lake Partners.
-
IT Capital Spending Rises, But Not for PCs
While Windows 8 is getting blamed for dismal PC sales, upgrading laptops and desktop systems isn't a priority for business users, according to new research.
-
Google Asks to Make Surveillance Orders Public, Citing First Amendment
Google has asked the court overseeing terrorism-related surveillance programs at the U.S. National Security Agency to allow the company to publish information on the number of surveillance requests it receives.
-
Tablet Downsizing Trend to Quicken in Second Half of 2013
The shift toward smaller tablets will accelerate in the second half of the year when a slew of tablet makers, including Apple, introduce new models with screens 8-in. or smaller, said Richard Shim, an analyst with DisplaySearch.
-
Fortinet Introduces Next-Generation Operating System for Web Application Firewall Product Family
The company also launched New Enterprise-Class FortiWeb Appliances for Protecting Critical Web Applications in Heavily Trafficked Environments
-
Yahoo Discloses User Data Requests from US law Enforcement Agencies
Yahoo has received between 12,000 to 13,000 requests for user data from law enforcement agencies in the U.S. between Dec. 1 and May 31 this year.
-
How Google's Internet Balloons Work
Google launched high-altitude balloons in a test to create a wireless network that could provide Internet access to remote and underserved parts of the world.
-
Vodafone Lets You Recharge Your Phone with Your Butt
Vodafone, in partnership with researchers from the University of Southampton, have created a pair of phone-recharging pants called the Power Pocket shorts, which comes with a small patch of thermoelectric material stitched directly into a pair of denim shorts that simply converts body heat into power.
-
Proposed E-license Plates Could Be Used to Track People
A pair of South Carolina lawmakers has introduced legislation that would pave the way for a pilot program involving electronic license plates that could be altered remotely by the state's DMV.
-
Google Funds Campaign Against Child Porn Online
Google announced via blog post a new technology-driven initiative against child pornography. The company is launching a $2 million Child Protection Technology Fund "to encourage the development of ever more effective tools" to fight online child pornography.
-
Oracle's Q4 Results: What to Watch
Many eyes in the tech world will fall on Oracle later this week, when the vendor's fourth-quarter results are set for release. This is typically the biggest reporting period for Oracle each year in terms of revenue, but a number of questions loom beyond its top-line performance.
-
Today's Top Supercomputer is Owned by China
China has regained the crown for the fastest supercomputer on the planet, according to the semiannual Top500 list, which claims that the Milky Way-2 supercomputer has doubled the performance of the previous leader, the American "Titan" supercomputer, in just six months.
This group is a platform to encourage IT leaders in the country to connect, share and collaborate with peers. If you are a senior IT professional in India, we'd love to have you join.
