This Sort of Attack Can Take Place on Nearly Any Device

By Wayne Rash  |  Posted 2012-03-22 Print this article Print


While it's easy to blame Android's ability to load apps from anywhere, the fact is that this sort of attack could take place on nearly any device through a link delivered by a text message or through an infected Web page. Getting the app installed on an Apple iOS device or a Research in Motion BlackBerry might be a little more difficult, but with appropriate social engineering, it's certainly possible.

And, of course, this is the difficulty in defending Android devices against malware. The fact is that these are by design open devices. Android-based smartphones and tablets are intentionally designed to be able to use software from anywhere. The information anyone needs to develop apps, including malicious apps, is readily available and the development process is relatively straightforward. More important, you don't have to deal with Big Brother looking over your shoulder while you develop something truly cool. Or truly evil.

Google does offer a protected area where you can find apps that have been checked and sanitized. That's the safe approach. But Android users have another option, which is to be educated about the device OS, and then to pay attention to what's happening when they install a new app. For the new app to work properly, you have to give it permission to access a variety of services on the device. Instead of simply answering yes to everything, perhaps it would make more sense to check the app out as much as possible before downloading, and then see if it asks for permission it shouldn't need. You can always say no.

Of course, the same thing is true for most of the malware that runs on iOS or BlackBerry OS. Regardless of how the rogue app arrived on your device, you still have to allow it to function the first time. Think about all of the times when you've casually granted trusted application status to some new app without thinking about why it needed that. While paying attention to what you're running and where it comes from won't solve the malware problem, it will certainly help control it.


Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel