March 7, 2011 No Comments-
In Norman’s yearly summary of security incidents, we also attempt to look into our crystal ball to predict what will happen in the year to come. One of the forecasts made in our 2010 summary was:
More widespread malware for handheld devices will emerge.
Several examples in the first two months indicate that this forecast will turn out to be valid.
Perhaps the most interesting incident affected users of devices running Google’s Android operating system. Tuesday 1 March, Google’s Android team was made aware that malicious apps were available for download from Android Market.
TechCrunch reports that Google has confirmed that in total 58 malicious apps were available, and downloaded to approximately 260 000 devices, before they were removed from Android Market.
It turned out that the malicious programs were modified copies of legitimate apps. The malware, called DreamDroid, is therefore a trojan. IBM Internet Security Systems X-Force has made a detailed technical analysis of the malware.
In a blog posting 5 March, Google described the steps that the company had taken in order to mitigate the situation:
Only Android versions prior to 2.2.2 are vulnerable.
The security update mentioned in item 3 is called Android Market Security Tool.
Product Removals: From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. In such an instance, Google retains the right to remotely remove those applications from your Device at its sole discretion. If that occurs Google will make reasonable efforts to recover the purchase price of the Product, if any, from the originating Developer on your behalf. If Google is unable to recover the full amount of the purchase price, it will divide any recovered amounts between the affected users on a pro rata basis.
Google also used the kill switch last summer. In a blog posting Rich Cannings, Android Security Lead, wrote:
While we hope to not have to use [the remote application removal feature], we know that we have the capability to take swift action on behalf of users’ safety when needed.
Openness – the very characteristic of Android that makes us love it – is a double-edged sword.
My guess is that this is not the last time that Google will have to use the kill switch.
Made up of various contributors' opinions and insights - the power of the collective.
Security Exposed Bloggers
Norman Safeground Blogs Archive