Open Source Insider

Feb 21 2011   10:45AM GMT

Android: ghosts in the machine?

Adrian Bridgwater Adrian Bridgwater Profile: Adrian Bridgwater

Tags:
Uncategorized

Speaking personally, the fallout from Mobile World Congress sits at three levels. There’s the fact that I missed a complete night’s sleep due to a crazy early takeoff slot, Vodafone’s mWomen initiative to “empower” women in developing nations with mobiles — and the lack of discussion surrounding standards, interoperability and, above all, security on the fast emerging set of new devices currently spawning across a whole host of different operating systems.

Specifically, Android and security comes to mind.

Not just malware-related security concerns, but also concerns over defects found in the kernel, the need to categorise and classify these faults (if they do indeed exist) — and the resulting corollary in terms of what kind of security backdoors these defects might leave open.

Taking on open source technology to commercial deployment and rollout will typically mean locking down dynamic libraries so that they are presented statically, which in turn allows them to be certifiable so that they can be given a warranty.

Drunk Androids.png

So Android’s developer pages specify plenty of info on security risks and concerns saying that, “A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user.”

Yet at the same time, AVG’s Droid Security reports that, “The ‘ADRD’ trojan targets Android users and is part of a Chinese multi-platform network Xiaxia.com. AVG reports that a similar threat from the same botnet also exists targeting other smartphone platforms such as Symbian S60.”

Droid Security also specifies that as the ADRD trojan infects a device, it registers itself to sensors of network activity, alarms and various other OS events. “Once fully installed, the trojan feeds back the phone’s unique IMEI/IMSI number, with each infected smartphone becoming part of the botnet.”

There’s also an app called Lookout that allows a user to track the location of lost phones — and Trend Micro appears to be pretty vocal on this subject too.

One final note, Lookout is also responsible for the App Genome Project, which is described as, “The largest mobile application dataset ever created in an ongoing effort to map and study mobile applications.”

There’s more to discuss here, much more. But our takeaway thought must surely be to question just how real this threat will be — and will other more cash rich markets such as iOS, BlackBerry and Windows Phone 7 always be more attractive to would be malicious hackers.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Michael
    Blackberry has high end security software unlike Windows Phone 7, IOS or even Android.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: