Forgot your password?
typodupeerror
Android Security Music

Cybercriminals Exploit Björk's Biophilia App To Compromise Androids 75

Posted by timothy
from the click-here-for-free-bjork dept.
An anonymous reader writes "The Russians who put out fake versions of Angry Bird Space and Instagram for Android last week have competition. Biophilia, a musical experiment by Bjork into the world of apps, has been ported to Android as a Trojan." Maybe not totally surprising; as the submitter reader continues, "last year at the launch of the app, Bjork was quoted in an interview inviting pirates/hackers to attempt to port her code over from iPhone to other platforms."
This discussion has been archived. No new comments can be posted.

Cybercriminals Exploit Björk's Biophilia App To Compromise Androids

Comments Filter:
  • by homey of my owney (975234) on Thursday April 26, 2012 @11:22AM (#39807475)
    Sometimes you get it
  • HOLY SHIT! (Score:2, Funny)

    by Moheeheeko (1682914)
    There are people who still like Bjork?
  • So... Androids are biophobic?
  • by noh8rz3 (2593935) on Thursday April 26, 2012 @11:23AM (#39807511)
    would anybody be surprised if this is all part of bjork's art? you know, how letting music into your life can have unintended powerful consequences. as a fan, i think this is right up her alley.
  • by stummies (868371) on Thursday April 26, 2012 @11:23AM (#39807517)
    This wasn't supposed to happen!
  • by Ranger (1783) on Thursday April 26, 2012 @11:24AM (#39807523) Homepage
    I think "You have been Björked" will now enter the Android lexicon.
  • by dryriver (1010635) on Thursday April 26, 2012 @11:29AM (#39807575)
    I'm wondering why it is that the old "Soviet Bloc" countries produce so many hackers/scammers/malware authors? Couldn't these people use their - considerable - coding skills to do something constructive? Like starting a software or IT services company? Or making small casual games for various platforms that are out there? Is there a lack of opportunities in Russia & neighbouring countries? A lack of angel investors or venture capital that could pay for small startups? Or is it a cultural thing that Russian hackers tend to do pretty negative things - like hacking & stealing credit card info - ? If you have the technical skill to create trojans or malware, surely there are other _useful_ things you can build with those skills? Like creating a competitor to Adobe Photoshop, or a watertight security system for banking transactions. ------- I really want to know: What is so attractive about creating trojans, malware & phishing scams with your tech skills. Surely these people wouldn't want their own systems compromised by malicious software? So why do it to others?
    • by b0bby (201198)

      My (basically no-knowledge) take is that because the rule of law is weak, lots of enterprises are run by gangsters. They hire the hackers, who have few other legit options because the economy is stagnant (in part because the rule of law is weak).

      • by alexander_686 (957440) on Thursday April 26, 2012 @12:42PM (#39808553)

        It’s not that weak rule of law lowers the cost of crime, it also raises the cost of legitimate business.

        If you build a large permanent business powerful interest will try to expropriate your profits. Bureaucrats will demand bribes to do their job, Tax inspectors will find violations in the opaque tax code unless the right politicians are paid off, etc.

        Better to invest is something light and cheap. First, it’s harder to find. Second, when the "Rent Seekers" come they will only find a empty shell – and thus you can move on to the next operation.

    • I'm wondering why it is that the old "Soviet Bloc" countries produce so many hackers/scammers/malware authors?

      A culture that valued intellectual pursuits probably helped. That culture has largely dried up when it comes to other pursuits like chess or poetry, but being interested in computers doesn't result in the same categorization as a nerd as in some other countries.

      Couldn't these people use their - considerable - coding skills to do something constructive? Like starting a software or IT services company?

      There are in fact an enormous number of legitimate software businesses in Russia, which the Slashdot crowd seems largely unaware of. However, not everyone feels that they have the savvy of starting a formal business, which involves navigating bureaucracy and in some regions brings one up against bribe-expecting officials. Crime just seems easier to some set of people.

      Surely these people wouldn't want their own systems compromised by malicious software? So why do it to others?

      If the Golden Rule were really common sense, we wouldn't have to be reminded of it by every religious teacher or moral philosopher that has come along in history.

      • by Raenex (947668)

        If the Golden Rule were really common sense, we wouldn't have to be reminded of it by every religious teacher or moral philosopher that has come along in history.

        I remember getting into a lunchtime conversation with a coworker, and he asked why people should be good, and talked about how lions don't apologize for their actions.

        Then there's the religious zealots who think we need a "God" to even have morality. The idea that somebody would act out of empathy instead of fear of punishment just seems alien to them. Really, it's like they have the morality of self-centered children.

    • You don't know how business is done in E. Europe, do you?
    • by tehcyder (746570)
      Making money by doing illegal things IS exploiting a business opportunity. If you think all western companies only operate within the law, you have blinkered vision. Places like Eastern Europe and Russia are just a bit more Wild West due to their recent history and comparatively weak systems of law and order.
    • Because in "civilized" countries the people who scam, fraud and exploit you are the legit corporations

    • You probably want to read up on the Bulgarian (and Russian) "Virus Factories" ... here's a copy: http://www.people.frisk-software.com/~bontchev/papers/factory.html [frisk-software.com]

      There are many.

      Now, its from 1991, and I read it at the time through a BBS I frequented, but the facts remain valid.

  • by jbernardo (1014507) on Thursday April 26, 2012 @11:35AM (#39807659)

    Am I the only one getting tired of this "android trojan/malware of the day" press releases by the anti-virus authors?

    Seems more and more like pure astro-turfing for their own products, trying to create a sense of insecurity in the users of the biggest mobile OS just so that they can sell their products.

    Most users won't be affected by this malware - the play store won't have it, and most of those that install apps from outside the store are techs who know what they are doing. The few affected will be the usual ones, those who think they can ignore the warning when they allow install from untrusted sources, and then ignore the permissions requested by the app. If you're dumb enough to do that, to install games from a suspicious site, that want to make calls and send SMS, then no anti-virus will save you. And it isn't the OS fault if you choose to ignore all safety precautions and disable all protections.

    • by godrik (1287354)

      Well, I must say i do not store any sensitive information nor i log on any sensitive website from my android phone. There are so many malware around that I do not feel confortable using an android phone for these things.

      Actually I got really scared when applications such as rootme came out.Install the application that does not require ANY permission and your phone is rooted. Now what tells me there is not one of these in angry bird? Or in the thousand of apps out there.

      NB: I do not trust your random windows

    • by jo_ham (604554)

      So what you're advocating is... peace of mind/security through obscurity?

      Isn't this the stick that slashdot beats Apple with now that malware is becoming more prevalent on OS X; that it's purely a function of marketshare (a position I do not agree with, although marketshare is clearly part of it)? If Android is the biggest mobile OS then surely it will see regular malware stories, as we've been led to believe is the reason Windows malware is overwhelmingly the most common, and so on?

      What do you suggest? The

      • by tlhIngan (30335) <slashdotNO@SPAMworf.net> on Thursday April 26, 2012 @01:37PM (#39809437)

        Most users won't be affected by this malware - the play store won't have it, and most of those that install apps from outside the store are techs who know what they are doing. The few affected will be the usual ones, those who think they can ignore the warning when they allow install from untrusted sources, and then ignore the permissions requested by the app. If you're dumb enough to do that, to install games from a suspicious site, that want to make calls and send SMS, then no anti-virus will save you. And it isn't the OS fault if you choose to ignore all safety precautions and disable all protections.

        The problem is, a lot of users don't have the play store. The best selling Android tablet certainly doesn't have it. And places like China have other stores set up becaues AOSP is huge (probably bigger than official Android). And since many devs do NOT sell anywhere but Play (SlideME, AppsLib, Amazon, etc have very few apps - no more than 10%), especially free apps, if you don't have it, you need to find the APK somewhere else.

        Why do you think people who buy Archose/Nook/Kindle Fire/other Android Tablet immediately go to xda-devs to see if there's a Market/Play hack for it? THOSE are the techies. Everyone else googles for the APK.

        Finally, well, apps can cost money on Play. There's a natural human tendency to not want to pay for stuff like software (especially in places like Asia), so if they can get a Angry Birds Space for free from some other site, they would. (If it wasn't lucrative, do you think malware devs would spend all that time and effort?).

        Apple is a different beast - since it's so hard to sideload apps (and you should see the howls of people complaining they can't load pirated apps on the new iPad). Probalby why people resort to phishing for iTunes credentials.

        So what you're advocating is... peace of mind/security through obscurity?

        No, it's a rethink of security from the ground up, except with a deep understanding of the audience. It's called Dancing Pigs [wikipedia.org] and it explains why people constantly get malware on their PCs and why the Android security model, while great for techies, is positively lousy for general users.

        Think of it this way - user wants Angry Birds Space. I just checked (what I think was) the official app (free one - because who pays for apps?) - here are the permissions it wants

        - Modify/Delete USB storage contents
        - Read phone state and identity
        - Full internet access
        - Coarse (network-based) location
        - View Wi-Fi State, view network state.

        Well crap, I want to play a game of Angry Birds, and you want me to go through all that? (And you only see the first two anyhow, and the last is hidden behind a "More"). Ah, the download button is so big and right there, and I got it, screw what that intermediate screen said.

        After all, how many people really READ a EULA that's passed to them during an install? Heck, did anyone read the EULA for the Play store that pops up the first time you use it?

    • If you're dumb enough to do that, to install games from a suspicious site, that want to make calls and send SMS, then no anti-virus will save you. And it isn't the OS fault if you choose to ignore all safety precautions and disable all protections.

      That's a very tech-centric response. To the average Android user, what you just said is in one ear and out the other. In the long run, it IS the responsibility of the handset provider to protect the purchaser from this kind of thing, especially if they don't want frustrated customers who will look elsewhere for their next handset.

      • What you just said is very ignorant-centric.

        The vendor is no more at fault than Ford is when you drive 120 mph into a tree.

        To the unwashed masses: learn to use your smart phone, pay someone for training, and don't be ignorant about it.

  • by T Murphy (1054674) on Thursday April 26, 2012 @11:37AM (#39807681) Journal

    Bjork was quoted in an interview inviting pirates/hackers to attempt to port her code over from iPhone to other platforms

    So will people take this trojan as a reflection of the ethics of all pirates/hackers? Hopefully someone did come through with a legit port of the app.

  • by justsomecomputerguy (545196) on Thursday April 26, 2012 @11:38AM (#39807699) Homepage
    She might also have been signed with SONY.
  • Maybe the trojans are part of the performance art?
  • Why the hell would they choose Bjork's Biophilia app? I mean it's kinda funny, but that's not a very popular (or good) app. The app was free for a long time and only has 731 ratings, which means it isn't really selling that well. Angry Birds has 750,000 ratings and Instagram has 500,000.
  • Bjork is in the news again! 2 headlines in 2 years! Time for a comeback.
  • by Qwavel (733416) on Thursday April 26, 2012 @11:45AM (#39807795)

    The link takes you to Symantec's website - you know, the company that wants to make everyone think they need to buy anti-virus for Android.

    Neither the blog post on Symantec's website, or the /. summary say whether the Trojan is in any Android app store, which is obviously the most important piece of information. After all, any duffus can sit at home and write (some forms) of Android malware and post it to their website.

    The fact that Symantec would post something like this on their website is not a surprise - it's their website they can post what they want. But the fact that it got posted on slashdot....

  • If one purpose of malware is to wreck society, both of those things already accomplish that.

  • until part 2 of TFA was available to post this? "Look, something scary! Tune in next week when we find out more..."
  • ...Marvin shoots the video cover for Big Time Sensuality.

  • by miltonw (892065) on Thursday April 26, 2012 @12:00PM (#39807975)
    Stop calling these people "cybercriminals"! Just don't. They are criminals, not androids, robots, AI entities or "cyber" anything.

    God, I so hate people labeling everything even remotely related to the Internet as "cyber-".

    It's, it's ... cyberstupid.
  • by theIsovist (1348209) on Thursday April 26, 2012 @12:26PM (#39808367)
    I can't be the only one who thought that "Biophilia" is something you get when you don't use a trojan...

Things are not as simple as they seems at first. - Edward Thorp

Working...