The story quotes a former cybersecurity expert for the FBI saying: "It’s going to take one young woman to be stalked, raped and killed before people realize the need security on GPS.”
This is troubling -- to say the least.
It is irresponsible because it creates a scare where there should be education. Nothing Mrs. Knesek mentioned is actually "malware". The definition of malware is "software that does bad things". Not "software that does as it is told". Heck, BT themselves backpedaled on her comments. And if you think the FBI is credible on those things then ask yourself why they, themselves, are so widely hacked and "owned". BT HAS a financial interest in people being scared because THEY sell security practices.
No. That is not true. Everyone knows in the industry that this problem exists. Even Apple Store fights with this daily despite having the practice of personally approving the apps. Let them fix their problems.
The entire business model of Android for Google revolves around gathering your private information so that they can show you more targeted ads. So
All Android phones are intended to collect your private data in a supposedly anonymous way. When google itself do this, can you blame the 3rd party app developers on taking your private data and trying to monetize it? Thats why all enterprise customers go for iOS/Blackberry.
But all this is hidden from the average user.
People reading this should be a few notches up the fodd chain of software/hardware, but even we have difficulty understanding all this.How is your grandma supposed to figure it out?
Every app submitted will be evaluated by some app reviewer. This is done against a long checklists, so if your app just shows some information with some random button it will definitely rejected. In terms of privacy, if the app access user location, the system will pop up notification to ask for permission. So the user is making a conscious choice whether to allow or not.
There are shades of grey here.
We unofficially and maybe unconsciously contract with Google and other Web 2.0 companies when we use their Web services, letting them data mine our preferences.
With malware third parties that run the gamut from entrepreneurs to those with malicious intent try to jump on the bandwagon as it rides past. So far the damage has not been great enough to drive people away, but...
The article title is scary ... but is the malware a technical violation of data privacy (consolidating data without explicit permission) or is it actually capturing and exploiting private data for identity theft or other illegal activities? More details are needed to determine whether these are scare tactics laying the groundwork to justify selling scanning software or a representative sampling of compromised Androids.
This article is ridiculous.
If Google's Android apps had malware, I think we knew that by now
Android is open but it doesn't mean that any app can do whatever they want.
Even anti-malware software apps can't do much since they are just regular apps and don't have the right to control other apps (except if pre-installed on the device as a system app or if the device is rooted).
IOS has the most zero day vulnerabilities of any mobile OS. not sure that is a smart idea.
People are jailbreaking their phone (ie modifying the system on the phone) just by visiting a website.
The question is what information can be accessed by malware. Everyone will have concern on saved password be accessed. Will you have concern if your contact list (aka address book) is accessed? We definitely need to pay attention to our connected devices; yet, we shall react and draw a conclusion too quick too soon. I would love to read the report from BT that shows the detail of study and which apps are the suspect.
Malware is unauthorized software from third parties attempting to get a user's computer to do something malicious the user is not aware of.
It does not include preference monitoring by the Web service provider the end user is accessing.
After selling operating systems for 20years without antivirus solution, Microsoft had realized the necessities of designing security solution running by the OS designer/developer only.
Similar way the security solution is an acute need for mobile/tablet platform designed by Google.
I hope that they will realize the need in a early stage.
Quoting the article:
"GPS devices can also be hacked, said Knesek.
“'It’s going to take one young woman to be stalked, raped and killed before people realize the need security on GPS,' said Knesek a former cybersecurity expert for the U.S. FBI who worked on the Kevin Mitnick case."
I don't understand what he's saying.
The problem with the GPS signal being hackable, i.e. unauthenticated, which is the source of controversy and discussion, is NOT that someone's location can be determined by someone else. It is that GPS users in a given general area can be provided with bad location info.
How this makes a mobile device user more stalkable, I don't know. What might make such a user more stalkable is a nonsecure cell telephone, texting, or web browsing comm link, in which comm link divulges that user's GPS location. But authenticating the GPS signal won't help this scenario at all. The only thing that would help is encrypting the cell phone or texting or other apps.
GPS is a one-way broadcast signal, satellites to users. That's all. Nothing goes out from the user' mobile device when that users receives GPS data, UNLESS some other application in the device uses the location data and in turn transmits it out.
I mean, to prevent the user of this cell phone from being vulnerable to stalking, of course.
The reason to authenticate the GPS broadcast is different. It is to prevent a hacker from introducing fake GPS position information. But that would not be targetted to just one user device, unless that one user device is the only device in that general area. Any device within range of the hacker's signal would be equally vulnerable.
I think the attack that's being described here involves GPS but GPS itself isn't being hacked. The malware initiates GPS tracking. That is, it samples location periodically and surreptitiously sends it (e.g., via silent text message or http) to a stalker.
Once again, our cool technology is a double edged sword. Are there any single edged swords?
Malware or not, these phones can allow trouble to happen.Photos can have location and time data embedded in them. Unsecure texts or Twitter posts can expose such information. All of the marvelous capabilities in the smart phone in my pocket could make my life so much easier while at the same time making my entire life much more vulnerable to theft and or exploitation.
So did anyone actually buy these wild claims that BT seems to have retracted already, for example http://www.zdnet.com/bt-backpedals-on-claims-almost-every-android-device-has-malware-7000001837/
Seems like a FUD campaign to me. So really the question is, whose? Should the headline start with "According to Apple,..." or perhaps "According to Microsoft,..."?
Until someone gets hurt either financially or personally then the issue like they say " that dog won't hunt". I also was wondering what the effect on the performance of the android machines the "malware" software was causing and what was it doing? It was not clear to me from the article that they knew what all the rogue software was doing (if anything). It does not surprise me that there are those who will try to piggyback on software to get access to machines, what does surprise me is this is the first I have heard of it on Androids.
I recently saw an article on Android Anti-Virus Software. It pointed out that EVERYTHING in an Android is sandboxed. Therefore an Anti-Virus program can't see the programs it is trying to detect, by definition. Malware can't see your information, unless you say it can. What is crazy to me is that there are so many apps out there that require every permission in the book. On the one hand, that should set anyone's suspicions off. On the other hand, users shouldn't be required to look at a laundry list of permissions to decide whether a specific app should have them. Most are unable, and many have both legitimate and illegitimate uses. So, a program that uses it legitimately could use it illegitimately as well.
The best answer, I am sorry to say, is to take all those permissions away. I can be identified by my GPS location alone (I spend time at home, right?) any app that can see both my GPS and the Internet could be a stalking tool. The only solution is for the apps to be code inspected by a third party certification agency. Then the distribution package gets compiled by the App Store from the inspected code. The developer pays for this and doesn't know who the inspector is, of course.
It may sound extreme, but it is the only solution that will allow full flexibility in the apps and block the potential abuses.
Now that they have used the dubious excuse of 9:11 to put GPS tracking of every citizen into your phones, they now want to use the dubious excuse of malware and other scare tactics to make everyone have privacy-invading DPI chips in every phone.
If they do much more to "protect us" then we will be so repressed and have so few rights that we won't have a life worth protecting.
All we need is good, strong, open-source encryption.
If mobile software has vulnerabilities then it should be open-sourced so the community can fix it.
Android users beware, more than 50 mobile apps in the official Android Market have been discovered containing malware that could have compromised sensitive and personal data. While Google has already yanked the apps from the Market, this first big infection highlights the inherent vulnerability of Android's openness to developers. Check here for more info http://drawsomethingcheat.eu