On apps and security
While the app store phenomenon has brought a lot of cool utilities to your smartphone, there are side effects too. Last week saw one of the most dramatic demonstrations of what many have been fearing for some time now: malware on smartphones!
And with some intelligent social engineering tricks, it could invade the ecosystem in a matter of days.
Several Android web pages reported a very powerful piece of malware that got into the Android marketplace. Here is how the app installs the malware.
The malware publisher (who goes by the name Myournet) takes some popular Android games, injects root exploits into the application package and republishes the apps. All of these are variants of the original popular apps, but they are available FREE. Within days several users download the app and install it. A detailed report is here.
How it works: The malware actually installs a rootkit, ‘steals’ all personal information on your device and sends it to a remote location. Besides, the malware always opens up a backdoor on your device, allowing more worms/malicious code to be run. This blog post by a mobile security firm has the gory details.
Some points to note:
* The malware’s existence was not known to Google until someone posted about it in the public domain.
* While Google was (somewhat) swift to respond, the damage was done. Private data from many phones has been sent to a nefarious user. It would have been very good if the app hadn’t entered the ecosystem in the first place.
* Community to the rescue: Google responded by nuking the app with its kill switch. But then the first fixes came from members of XDA.
We can be happy that though the Android market is ‘open’, Google has put some features into the platform to recover.
How about genuine apps? Malware isn’t the only security threat to private data. The Freedom to Tinker website had a blog post recently on the information shared by some of the popular smartphone apps. The author used sniffing tools like Wireshark to sniff the traffic from his Android phone.
The Android Facebook app sends stuff out in the open, so anyone could read your posts. It is also possible to make bogus posts, the author says. Some things to be careful of.
Wired’s ‘open’ edition: I’ll close this blog with a note about a recent Wired magazine issue that sums it all up. Some Wired magazine subscribers got a ‘very personal’ edition of their copy. It had a lot of information that Wired had gleaned about the subscriber! The editors used online browsing history, electoral records and ‘social networks’. The magazine just shows how much information we expose unknowingly.
When they do this exercise the next time, they will have yet another ‘gold mine’ of private information: your ‘smart’ phone!
[Image credit: Mobilecrunch, Prohack]


This can be fixed by a stringent approval process. I think Google can fix this easily.
/LPS
LPS
March 13, 2011 at 11:51 pm
@LPS: Welcome to Whitenoise.
Yes. That’s my point. Google has to follow a stricter submission process, like the iPhone Appstore approval process: http://developer.apple.com/appstore/guidelines.html
But I doubt it is easy to fix. That will make Android ‘more closed’ and ‘less developer friendly’ etc. And Android apps can come from anywhere, not just the marketplace.
sujai
March 15, 2011 at 8:02 am