Android Malware Intercepts Text Messages, Forwards To Criminals 137
An anonymous reader writes "A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user."
Is this really news? (Score:5, Interesting)
This'd only be newsworthy if it's installed via Google Play or another mainstream source. Otherwise, it's just stupid people paying the price for their ignorance.
FUD. Must be a slow news day (Score:3, Interesting)
From TFA,
Although Doctor Web doesnâ(TM)t say so, the good news here is that Pincer2 is not likely to be very prevalent. It has not been found on Google Play, where most Android users should be getting their apps, and appears to be meant for precise attacks, as opposed to being aimed at as many users as possible.
In short, this malware threat isnâ(TM)t one that you will likely be hit with, but it is an interesting example of how Android malware is evolving.
Re:Then I guess I don't care (Score:2, Interesting)
The install-type permissions model for Android has some serious flaws and even though I don't like Apple's strict requirements for getting into the app store, I think the iOS security sandbox is much better.
For example, I occasionally use Skype on my iPhone for video calls with my folks, but I don't want Skype(MS) to have access to all of my contacts either. On Android, I have no choice but to hand it over because the app requested access to my contacts in its permissions list. On the iPhone, the only way an app can get to my contacts is through an API at runtime, where I can just say "no" once and go on using the application. Same goes for location data, SMS, pictures, music, calendar, etc. I actually have finer grained control of my private data on the iPhone than on Android.
Let me PARSE that for you (Score:5, Interesting)
16.9 million results.
But what can any iPhone trojan actually do? It's limited to sending contacts (and that only IF the user allows it at the time it tries to access the contacts, not on install). It can send the users location IF the user agrees to have the location accessed, at the time the app tries to access location (not on install). It can send your photos to them IF the user agrees to allow access to get to the photos... you get the picture.
What CAN'T it do? It can't access or send SMS messages. It can't access or send email messages (at least not without the user hitting send on the email). It can't make a phone call without the user saying "why yes I would love to dial that number now which is clearly displayed to me in full".
The issue is that because Android makes you agree to what it can do up front, most non-technical users will simply agree to anything, and then the app can really DO anything it likes to the user. There are safegaurds technical users can install; but they are exactly the people who do not need protection or help!
Android is a platform built for the pleasure of the technical elite, with a promise to non-technical users of being their gateway into the new world of mobile computing. But that is a lie; it's simply a PC you can put in your pocket that brings along for the ride every ill ever conceived of on a PC and more besides.
Android could go a long way by simply grantng permissions for things at the time the app wants them as iOS does; but even then the fundamental problem is that there are so many permissions that extend so deep into the system that it allows apps to do things like intercept SMS. You can't take those away now without technical users crying foul, but the cost to non-technical users is monstrous.
Exactly! (Score:3, Interesting)
What people miss is that iOS is MORE customizable for users by default in the ways that matter most. As you say, Skype having my contact list? Hell no!
Or Google Maps app having my location or contacts or anything whatsoever? Don't think so! All I have to do is say no, but I'm still using the app.
Re:Is this really news? (Score:0, Interesting)
The SD card bootloop problem is well known and spread across a large number of devices. Take a look [slashdot.org].
It is not any app causing the problem, it's Android itself. It's suspected that it happens either after a certain number of apps/files are moved or a certain amount of space is used by apps on the SD card.