Post Hacking Incident: Google Resolves to Make Changes

Recently, Google had to combat a malware program that had stealthily made its way into more than 50 Android apps. The program, known as DroidDream, can steal information from mobile devices and perpetuate the problem by downloading other malware onto the phone.
On Saturday, Google addressed the problem by using a program that remotely erased the application from the thousands of phones that had been infected with DroidDream. Anyone who is affected will also be receiving an explanatory email from Google over the next three days, according to Android’s head of security, Rich Cannings.
Google is also implementing a mandatory update known as “Android Security Market Tool March 2011,” which will fix the gaps in security that DroidDream was able to exploit. Phones running the Gingerbread system were not affected by DroidDream, but phones that run anything below Android 2.2.2 were vulnerable to the breach of security.
DroidDream is a particularly malicious program because it gains access to both the phone’s International Mobile Equipment Identity number and the SIM card’s International Mobile Subscriber Identity number. And that’s only the first step! DroidDream then sends those two identification numbers to a location in California, and the second stage of the malware program is initiated. During the second stage, DroidDream downloads another app that prevents users from uninstalling the application (or seeing it). It then mines the device for further information, including user IDs, phone model, product ID, and country info. From this point, it is able to download other malware as well.
According to Lookout Mobile Security, “The first phase of the malware served to gain root access on the device while the second phase predominantly serves to maintain a connection to the command-and-control server to download and install other files…Because we have not seen the command-and-control server issue commands to download additional applications we cannot divine their exact purpose. However the possibilities are limitless.”
Google has since removed apps that were infected with DroidDream, and has contacted law enforcement.

Sources That Contributed To This Article:
GOOGLE
Lookout Mobile Secur
