Android malware is on the rise, I wouldn't be so quick to assume those links are safe on an Android device. I'd rather use a laptop/PC with an expendable OS (of any flavor) running in a VM. Not as convenient as a tablet, but security seldom is.
Is - at this point, limited to apps you download and give permissions and which abuse those permissions. There is a huge disconnect in understanding what Android malware is and isn't, and I really blame this on the blogging press and rabid Apple fanaticism. If it were simply a case of drive-by delivery of native executables or browser security exploits, then *any* platform would be susceptible to links to malware sites, including iOS, OSX and Linux. But the fact is that we haven't seen any examples of viruses, trojans or malware targeting native execution on any of those platforms, nor on Android. While it might be theoretically possible - there wouldn't be a lot of payoff in designing a native code web-link delivered executable to these platforms.
You've got to understand - generally there are two ways that a Windows infection was placed onto a machine through e-mail.
Either an attachment in a zip file contained executable code that ran in native IA86 Windows code, and the e-mail tried to get you to click that code...
Or...
There would be a link in an html attachment or in the body of the email itself that would redirect you to a site that would try to place a malware payload on your system. (This is generally described as a drive-by infection in security circles).
In order to get that code to execute automatically, the website would traditionally try a buffer-overrun exploit, which would simply flood the buffer. The "overflow" would then actually execute as a command line execution, running the program, frequently with escalation of privilege so that the code would run with administrator rights.
When you think of Malware you can pick up by visiting a site, this is what you're thinking about, and it is a phenomenon solely isolated to Windows machines.
Now, hackers have actively exploited these same techniques against OS X, but those were active attacks, not passive scripted payload deliveries. As far as I know, there is no record of an attack like this ever being launched against any platform except Windows.
Android malware is a whole different beast. Android Malware is when you purposefully accept a download or sideload an .apk that claims it is one thing, but is actually harvesting data like passwords and user accounts or other information passing through your Android device and sending them to the author.
They're two totally different things, the kind of Malware that an e-mail attachment will direct you toward and what tech journalists call "Android Malware".
A VM is not a sandbox that guarantees a virus won't skip from the VM onto the bare-metal or onto your network, either. In fact, if you've got shares mapped or you've bridged your VM network to your physical network, the chance of spread is quite likely. Unless you have a share mapped directly from a tablet to your network, the odds of a virus infecting your tablet and then spreading to your network or other devices are far more remote. In all cases, though, your expertise and comfort with dealing with and containing viruses or malware is the most important criterion. If you're not sure what you're doing, you can create more problems than you solve.
https://www.google.com/#hl=en&safe=active&tbo=d&sclient=psy-ab&q=web+based+android+attacks&oq=web+based+android+attacks&gs_l=hp.3...1155.7563.0.8002.27.25.1.0.0.0.368.3862.0j23j1j1.25.0.les%3Bernk_timediscountb..0.0...1.1.2.hp.vMNW3eLxHyU&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&bvm=bv.42261806,d.aWc&fp=cecfd734039d8d45&biw=1366&bih=643
Most articles about Android web based attacks are around November 2010 and focus on *some* versions of Android 2.1.
I can't find anything more recent.
The few articles with any details about actual Android Malware describe downloading specific Android apps from non-Google Play sites, installing them *and* accepting outrageously broad permissions terms during the software installation.
And that is the thing - I haven't heard of a single Android drive-by infection that doesn't require *tricking* an end user into enabling the "malware" by installing it themselves and accepting the permissions that allow it to do bad things. That makes Android malware uniquely different than Windows malware - which can install and take control of your machine without any user interaction whatsoever.
That is - reports about pervasive Android malware are mostly FUD. People who don't know what they're doing who click on anything and accept permissions rights that make no sense are the ones getting infected by Android malware.
Just how many Droids are actually infected with this crap?
Remember the average user doesn't know what it is that they are doing when they load an App that they think they want.
Col
How is that relevant to the point the original poster was making - that following an e-mail link to confirm a website could endanger your Android device when the destination Malware would either require you to click on something or be Windows oriented (and would likely be both)?
I'm assuming any IT professional with an Android tablet who is following up on a user's e-mail to confirm it is legitimate should know what they're doing.
I saw an article on CNN today that claimed that porn sites are infecting phones with Malware and this is the majority growth vector for malware infections. They didn't say which phones or how or what the malware is. I'd like to see some real documentation on what these infections are and how they're getting on smartphones.
that simply clicking on a link can't infect an Android device. Maybe it can't, but I personally am uncomfortable assuming so.
And I saw that article as well, which does worry me. For one thing, you can't always tell a link goes to a porn site until you actually go to the site. And if I recall correctly, that article stated that 20% of malware is coming from porn sites, which implies to me that 80% comes from non-porn sites.
http://m.nbcnews.com/technology/technolog/first-known-android-drive-download-found-749499
If you read that article, the offending site still needs to trick you into side-loading a non-market app and accepting the list of permissions before the "drive-by" payload can be activated on your Android device.
There simply are *no* recorded cases of Malware being deployed to an Android device without the interaction of the end user - and I'm assuming if you're using an Android device to check out a link in an e-mail that you are suspicious of and you are technically competent, you're *not* going to click on a pop-up request on such a site that says, "in order to display this site, you need to download and install this important Android security patch," when you're already on your guard.
Now - recently both Microsoft and Apple were hit by a Java exploit. This exploit doesn't compromise Windows or OS X, it exploits a flaw in Java. The solution is to disable Java in your browsers. I've wondered if the heavily borrowed code-base of Dalvik, based on the Java SDK, might be susceptible to the same exploits - but there is no confirmation of that at this point - and it seems to me that any malware that was hosted on a web-site would have to be able to launch native Dalvik Java through Java routines in the browser in order to successfully compromise an Android device.
No platform is 100% secure. But prudent paranoia is different than fear based on misinformation.
Is that with the Elevated Privileges that some of the Droid Malware has access to that it can be used to spread infections to Windows Systems.
It's the reason why, when I use any Tool like that, I don't install anything to it; I leave it in the Bare Delivered Form so it doesn't do more Harm than Good.
Maybe I'm just Paranoid but it works for me. I do however tell everyone that I'm Lazy and don't like creating more work for myself than necessary.
Col