Android’s Dream Shattered by DroidDream
In today’s world, one needs to be smarter and faster; and that only comes with devices like the Smartphones and tablets. With advanced technology come innovative threats to authenticity and security of the devices. McAfee has reported a list of malware threats to mobile gadgets. It is not just a vague theoretical threat, but it has shifted to the realm of the actual in the form of “DroidDream” which has made its way into Google’s official Android Market.
This attack came to pass a week back and was attached to multiple applications posted to the Google-run Android Market and many third party app markets. With a mere $25 entry fee to publish your application on Google, spammers and malware writers are encouraged to infiltrate into official territory. The security cover for mobile devices is not as sophisticated as it is for PCs. Given Android’s easily penetrable app culture, the door for malevolent apps is wide open. Anti-virus firm Symantec explains that threats have been on the rise in recent months, when previously they were limited to more “proof-of-concept type exploits”.
Over 50 Trojan apps were identified and expunged by Google as soon as the word spread. Kevin Mahaffey, CTO of Lookout, a mobile device security tools maker, explains the Android malware discovery as – “DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it, a pattern we’ve seen in other instances of Android malware such as Geinimi and HongTouTou. Unlike previous instances of malware in the wild that were only available in geographically targeted alternative app markets, DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smartphones“.
“For the first time in history, a malicious attacker can send a packet of data and money foes flying“, said John Hering, CEO of Lookout Mobile Security. The money is on the tablet computers and mobile devices which are linked to personal information, internet as well as the carrier billing system.
The Android malware has been attached to legitimate applications and posted to third-party stores. Dave Marcus, Director of Security Research and Communications from McAfee Labs, elucidates, “Analysis has shown that these apps can break out of the typical sandbox that most apps reside in, to potentially gain control over the entire device and its data. In terms of attacks and malware, it doesn’t get any worse than root access, which this malware has“.
This is not to say that Android is not inherently safe, it is to encourage users to exercise caution and not blindly click ‘OK’ to all the warnings that pop up while installing an app. Given how quickly Google removed the infected apps, it is not out of order to trust Android, but it gives an idea of how foolproof it is.
I say it loud & clear – Apply your own brain to what you use, even when it comes with an official tag.