Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Issues Android Virus Warning

samzenpus posted about 2 years ago | from the protect-ya-neck dept.

Android 129

Dupple writes "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."

cancel ×

129 comments

Sorry! There are no comments related to the filter you selected.

Global warming - is the gravy train ending? (-1)

Anonymous Coward | about 2 years ago | (#41663899)

They're trying to keep this under the radar and out of the press (public knowledge of this could threaten millions of dollars in research grants), but the fact is that there has not been any global warming the past 16 years. This is the fact they don't want you to know about. Link:
http://www.dailymail.co.uk/sciencetech/article-2217286/Global-warming-stopped-16-years-ago-reveals-Met-Office-report-quietly-released--chart-prove-it.html [dailymail.co.uk]

Fragmentation (5, Funny)

Anonymous Coward | about 2 years ago | (#41663917)

Clearly, Android isn't fragmented enough yet. The industry needs to work to further fragment the platform until this type of attack isn't viable.

Re:Fragmentation (-1, Redundant)

binarylarry (1338699) | about 2 years ago | (#41663957)

Netcraft confirms it, Android is the new Windows.

I, for one, welcome our new open source overlord!

Re:Fragmentation (2)

DJRumpy (1345787) | about 2 years ago | (#41664487)

I was just surprised to read that Android was a Virus...

Should rename these Darwin Viruses (4, Insightful)

krelvin (771644) | about 2 years ago | (#41663919)

Places and things people should not be clicking on in the first place.

Re:Should rename these Darwin Viruses (4, Insightful)

yog (19073) | about 2 years ago | (#41664141)

You still have to deal with typo squatters. If you type goole.com instead of google.com or some such you may end up at a phony website designed to phish you.

Fortunately, it seems that the big players have grabbed most of the common typos like gogle.com, bankoamerica.com and so forth. But out of millions of sites, there's bound to be plenty of opportunities for a determined script kiddie.

Re:Should rename these Darwin Viruses (0)

mcrbids (148650) | about 2 years ago | (#41664709)

Why does it strike me as ironic that your post is about typos, and your sig line is a kvetch about a common typo? Its like you meant it!

Re:Should rename these Darwin Viruses (5, Funny)

Tastecicles (1153671) | about 2 years ago | (#41664713)

It's worse than that; the civic leaders of a market town in South Yorkshire have squatted goole.com.

Oh, yeah, and they can't spell for shit.

Re:Should rename these Darwin Viruses (2)

tsa (15680) | about 2 years ago | (#41666627)

LOL, they have a search field on their site which uses Ask.com :).

Re:Should rename these Darwin Viruses (0, Offtopic)

FSWKU (551325) | about 2 years ago | (#41665295)

You still have to deal with typo squatters. If you type goole.com instead of google.com or some such you may end up at a phony website designed to phish you.

If you're actually opening a browser and typing in 'google.com' to search Google on an Android device that by default has a giant Google Search bar on the homescreen... Well then you get what your stupid-fingers get, and I can't bring myself to feel sorry for you...

Re:Should rename these Darwin Viruses (1)

noh8rz9 (2716595) | about 2 years ago | (#41664879)

Can anybody help me make a plan for this? 1) how can I tell if my phone is already infected? 2) what can I do, aside from "don't click that" to prevent infection? A way of hardening my phone?

Re:Should rename these Darwin Viruses (0)

Anonymous Coward | about 2 years ago | (#41665789)

You can pay hundreds of dollars a year in subscription fees for this useless piece of software that I will create an market as something that detects, cleans and removes files that are infected.

*sigh* Another worthless virus alert (5, Interesting)

Scutter (18425) | about 2 years ago | (#41663935)

No information about attack vectors (such as compromised apps), how to tell if you're infected, what to do if you think you're infected, etc. Par for the course.

Re:*sigh* Another worthless virus alert (0, Informative)

Anonymous Coward | about 2 years ago | (#41664153)

Did you even read the article? They talked a lot about attack vectors... They also went on to tell people how they can protect themselves.

I'd assume downloading an antivirus for your phone or reformatting it would be the best option.

Re:*sigh* Another worthless virus alert (4, Informative)

Scutter (18425) | about 2 years ago | (#41664295)

Did you even read the article? They talked a lot about attack vectors... They also went on to tell people how they can protect themselves.

I'd assume downloading an antivirus for your phone or reformatting it would be the best option.

They didn't talk about attack vectors AT ALL, except in the vaguest of terms. They talked about generalities that apply to any platform, not to this specific virus. It's the equivalent of saying "don't set your drink down in a crowded bar." Yes, it's good advice, but at the same time almost completely worthless to put into a press release.

Re:*sigh* Another worthless virus alert (-1, Troll)

BasilBrush (643681) | about 2 years ago | (#41665213)

Read between the lines. Don't buy Android.

ive got some iOS virii (0)

Anonymous Coward | about 2 years ago | (#41665717)

want some .......so dont buy apple
ive got some windows virrii
so dont buy windows

ive got some linux and bsd virii so dont use those...

gee how awful ......[ends transmission]

Re:*sigh* Another worthless virus alert (0)

Shavano (2541114) | about 2 years ago | (#41664691)

But you would have to trust the antivirus.

Re:*sigh* Another worthless virus alert (-1, Troll)

BasilBrush (643681) | about 2 years ago | (#41665193)

NO, the BEST option would be to use an iPhone instead.

Re:*sigh* Another worthless virus alert (0)

socceroos (1374367) | about 2 years ago | (#41665259)

^ this. You see, since Apple only allows you to install apps from their app store then no other attack vector is possible at all! That's why all the spy agencies use iOS devices for their most advanced and secretive tasks. It's true, believe me.

JAAAAAAILLLLLBREAK (0)

Anonymous Coward | about 2 years ago | (#41665771)

OH and not like windows never had viruses either and you can only buy it in a store too right....

Re:*sigh* Another worthless virus alert (4, Informative)

euxneks (516538) | about 2 years ago | (#41664603)

Essentially, it's FUD.

Yet another excellent reason... (-1, Flamebait)

KrazyDave (2559307) | about 2 years ago | (#41663941)

for iOS' closed environment. Cue the Apple haters in 3, 2,1...

Re:Yet another excellent reason... (2, Informative)

Threni (635302) | about 2 years ago | (#41663959)

Re:Yet another excellent reason... (1)

multiben (1916126) | about 2 years ago | (#41664067)

Not sure what your link is meant to say. There is no personal identification info in the IFA system, and it can be turned off if you particularly object to customised advertisements. You will still get advertisements, but now they'll be random.

Re:Yet another excellent reason... (3, Interesting)

ne0n (884282) | about 2 years ago | (#41664771)

Maybe you're too young to remember it but Apple was logging everybody's GPS coordinates for quite a while there. It took a massive outcry before they reversed their policy on unwanted silent tracking without consent. They argued the logs weren't personal info back then.

Re:Yet another excellent reason... (0, Insightful)

Anonymous Coward | about 2 years ago | (#41665143)

And you probably don't remember that the logs only existed on the phones, but were available by looking at the backup file. They were never transmitted. Google was found to be actually transmitting the current coordinates back to Google for warehousing. Apple removed the file, Google lobbied to allow them to keep doing it.

Remember that? Or are you just lying to spread more Apple hatred which makes the Android community look like a bunch of children.

Education (1)

tepples (727027) | about 2 years ago | (#41663961)

In a closed environment, how are students supposed to learn to program?

Re:Education (1)

KrazyDave (2559307) | about 2 years ago | (#41664233)

The primary job of an OS is to train future programmers? Gee, and here I was thinking it was to facilitate the function of the device for the consumer.

Function of a device; consumer (1)

tepples (727027) | about 2 years ago | (#41664379)

I was thinking [an operating system's job] was to facilitate the function of the device

For one thing, different people have different ideas of what "the function of the device" is. One "function of [a] device" is to allow the user to create additional "function[s] of the device". This is a function that Apple has tended to explicitly reject on an iPad or iPhone. (On the one hand, Codea, but on the other hand, C64 games that got pulled from the store because the user could reboot the virtual C64 to BASIC [slashdot.org] .)

for the consumer

Are you trying to imply something special by the word "consumer" as opposed to "user" [gnu.org] ?

Re:Education (1)

bobbied (2522392) | about 2 years ago | (#41664383)

Smart platform vendors donate development platforms to colleges and universities around the world so that students have a chance to learn. I don't know if Apple does this nor not, but I saw a LOT of apple products in the computer labs when I went to school (20 or so years ago...)

Re:Education (3, Insightful)

tepples (727027) | about 2 years ago | (#41664465)

Smart platform vendors donate development platforms to colleges and universities around the world

But not to high schools. Or is there a good reason that kids shouldn't be programming before college? Or between graduating from college and getting a job in the field?

Re:Yet another excellent reason... (1, Flamebait)

binarylarry (1338699) | about 2 years ago | (#41663981)

Yeah, removing user/customer freedoms to increase safety is totally the way to go.

Didn't some famous guy say something about that?

Re:Yet another excellent reason... (1)

Anonymous Coward | about 2 years ago | (#41664055)

And considering how much the government is fucking you? I think Apple is still a damn sight better. If you're that up in arms about Apple you must go absolutely apeshit over the one party system.

Re:Yet another excellent reason... (1)

binarylarry (1338699) | about 2 years ago | (#41664157)

That's awesome bro

Re:Yet another excellent reason... (0)

Anonymous Coward | about 2 years ago | (#41664243)

That's awesome bro

If you think so, you should see some of my other trolls. They're pretty good if you just check my post history.

Re:Yet another excellent reason... (0)

Anonymous Coward | about 2 years ago | (#41664185)

By downloading the SDK.

Re:Yet another excellent reason... (1)

KrazyDave (2559307) | about 2 years ago | (#41664273)

That's a fallacious argument. The "famous guy's" saying isn't comparable to protecting the average consumer's expectation of having a consumer device that won't leak all of his private info by clicking an "update" or link that is actually a phishing lure. I don't even own or like Android or iOS devices, but I have kids and a wife who do and it's irritating to know that they are vulnerable and it's why I am moving them to iOS ASAP.

Re:Yet another excellent reason... (1)

Anonymous Coward | about 2 years ago | (#41664665)

Apps leaking private info? Gee, good thing that would never happen in a curated Apple's appstore [forbes.com] . Wait, what? Don't tell me they only cared about apps not crashing and being in line with Apple's policies on design and content.

Re:Yet another excellent reason... (1)

narcc (412956) | about 2 years ago | (#41664931)

If you care about security, get a BlackBerry.

There is no other option,

Re:Yet another excellent reason... (2)

Killall -9 Bash (622952) | about 2 years ago | (#41666185)

Really? With RIM letting repressive governments (but not ours of course) get access to SMS and email? Blackberry would be my LAST option.

Re:Yet another excellent reason... (1)

narcc (412956) | about 2 years ago | (#41666557)

Well, if you were even a little bit informed you'd know that that only affects some BIS users. It's *impossible* for RIM to "hand over the keys" for BES users because they don't have them.

That also ignores the fact that governments don't need special cooperation to spy on communications from Android and iOS users -- those don't even offer you the illusion of security.

So, yes, BlackBerry is the ONLY option if security is a concern. If they're your last option, I hope you're not responsible for making security related decisions!

But don't let facts stop you from continuing to spread misinformation, even though this particular bit of nonsense has been corrected multiple times in EVERY thread on the subject since the first article appeared on Slashdot.

Re:Yet another excellent reason... (0)

Anonymous Coward | about 2 years ago | (#41664103)

Yet another? I thought that was the ONLY "non-evil" reason they could come up with obviously, it's also helpful to their bottom line.

I'm a big fan of iOS and Mac OS and I kind of like Apple as a whole but these "yet another" posts do get a bit tiresome after a while.

Exactly! That's why Linux is virus-infested and.. (4, Funny)

Smeagel (682550) | about 2 years ago | (#41664107)

Windows is completely free of viruses. Oh wait.

Re:Exactly! That's why Linux is virus-infested and (0)

Anonymous Coward | about 2 years ago | (#41664179)

That's because you don't use VISUAL STUDIO (tm) nearly enough.

It's better than bad, it's VISUAL STUDIO (tm)!

Re:Exactly! That's why Linux is virus-infested and (0)

Anonymous Coward | about 2 years ago | (#41664187)

Apples and oranges. In fact, you could argue that Linux is virus free because it has many people viewing every line of code (the many eyes makes all bugs (or in this case, malware/bugs) shallow philosophy). Just as one device driver doesn't work across distros, or even kernals, one exploit offset or one piece of self propagating malware will often not work across all. And even if it worked on many, or even one, the constant code review will catch it quickly.

Apple is very similar in part of that. It has common harware and software, but it has a rigid review process, even a review process that could be emulated by the FOSS community to forever eliminate security threats - ensuring that only code that has been reviewed and confirmed safe is a GOOD THING! Similar to the the FDA,m which double, triple and only God knows how many checks go into medical equipment and procedures. This is how you build a safe ecosystem.

Micro$soft built quickly to appeal to the masses and, either intentionally or not, also appealed to the masses of malware coders. This is where Android lives today, on the precipice of going down the M$ route only with the worst part of Linus (incompatible distros, a myriad of vendor only add ons, etc).

Really, Apple did the best of both worlds. A consistent user experience combines with a strong review practice to ensure a consistently pleasant, and consistently safe, user experience.

Re:Exactly! That's why Linux is virus-infested and (2)

Killall -9 Bash (622952) | about 2 years ago | (#41666195)

The problem with apple products is they just work.... until one day when they just don't.

And, when it stops working, you either have a VERY expensive repair to deal with, or a very frustrating time trying to google for helpful info.

Re:Exactly! That's why Linux is virus-infested and (1)

TheNinjaroach (878876) | about 2 years ago | (#41664335)

Well there's a solid contribution to the conversation at hand..

Re:Exactly! That's why Linux is virus-infested and (1)

gmhowell (26755) | about 2 years ago | (#41665065)

Get a good HOSTS file. Then you're golden.

Re:Yet another excellent reason... (1)

TrancePhreak (576593) | about 2 years ago | (#41664569)

I like how you don't bring up the jailbreakme website or acknowledge it exists.

Only took... (4, Interesting)

Synerg1y (2169962) | about 2 years ago | (#41663945)

10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things as they are in all sense of the word a computer. I'm willing to bet google is now going to regulate the android market a little better, it still depends heavily on the user as to the risk posed to the device, just like with PCs.

I've also got to respectfully disagree with the article on rooting your device, it opens up the potential to load some pretty nifty security tools that help keep you safe in the first place.

Re:Only took... (-1, Troll)

BasilBrush (643681) | about 2 years ago | (#41665207)

Only took 10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things

The story isn't about viruses on smartphones in general. It's about the whole new can of worms of viruses on Android.

Which Android? (2)

hawguy (1600213) | about 2 years ago | (#41663967)

Which version(s) of Android are vulnerable and which browsers? How does the attack work? Do I need to download and run a file? Just click on the file? Just visit the web page?

Is this even a real threat? It sounds like a vague alert that anti-virus companies send out to get you to buy their product.

Re:Which Android? (2)

Vylen (800165) | about 2 years ago | (#41664021)

A link within these advertisements leads to a website that is designed to push Loozfon on the user's device.

FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Based on that, it'd be simple websites telling people to download some installer/apk.

Re:Which Android? (1)

hawguy (1600213) | about 2 years ago | (#41664085)

A link within these advertisements leads to a website that is designed to push Loozfon on the user's device.

FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Based on that, it'd be simple websites telling people to download some installer/apk.

I don't think they gave enough details to know for sure that is what's going on - most users won't have configured their phone to install apk's that didn't come from the Android phone, does this attack work against them?

If they are going to go through the trouble to issue an advisory, they should explain how the attack works so we can educate our users.

Re:Which Android? (0)

Anonymous Coward | about 2 years ago | (#41664239)

most users won't have configured their phone to install apk's that didn't come from the Android phone

a) What?
b) B..b..but what about their Freedoms?

Re:Which Android? (1)

hawguy (1600213) | about 2 years ago | (#41664315)

most users won't have configured their phone to install apk's that didn't come from the Android phone

a) What?
b) B..b..but what about their Freedoms?

Few people I know with an Android phone care about the freedom of their phone - they liked the features, formfactor, and price point of the phone.

Few users outside of Slashdot's target audience even know that sideloading is an option - they are happy to stick with the Android store.

Re:Which Android? (-1)

Anonymous Coward | about 2 years ago | (#41664361)

they are happy to stick with the Android store

Well, if they're happy with second-best, probably third-best before too long with the money Microsoft will throw at developers (developers, developers) then, well, good luck with that.

Re:Which Android? (1)

hawguy (1600213) | about 2 years ago | (#41664415)

they are happy to stick with the Android store

Well, if they're happy with second-best, probably third-best before too long with the money Microsoft will throw at developers (developers, developers) then, well, good luck with that.

Yes, I know, Microsoft's dominance is right around the corner, just as soon as they get serious about it. Like how they killed the iPod with Zune.

Re:Which Android? (-1)

Anonymous Coward | about 2 years ago | (#41664443)

Even if they don't, let's be honest, the people spending money on Android "superphones" are exactly the people who're rooting, installing ROMS and sideloading. The rest, the much vaunted millions activations per are the people having slow Gingerbread shitboxes rammed down their neck by the retailers and networks that might have a passing interest in something that's "just like an iPhone" but that interest dies as soon as they try to use it and it's slow, jerky and has shit battery life. This is precisely why the web impression figures are so dramatically different between iOS and Android.

Re:Which Android? (4, Informative)

hawguy (1600213) | about 2 years ago | (#41664537)

Even if they don't, let's be honest, the people spending money on Android "superphones" are exactly the people who're rooting, installing ROMS and sideloading. The rest, the much vaunted millions activations per are the people having slow Gingerbread shitboxes rammed down their neck by the retailers and networks that might have a passing interest in something that's "just like an iPhone" but that interest dies as soon as they try to use it and it's slow, jerky and has shit battery life. This is precisely why the web impression figures are so dramatically different between iOS and Android.

The Galaxy S III sold around 20 million units worldwide, I'm having a hard time believing that all of those users are rooting their devices. I have a Galaxy Nexus that isn't rooted (nor have I sideloaded any apps).

Android phones are definitely good for someone that wants to tinker and root and sideload, but they are also solid smartphones out of the box.

I support around 250 devices - split relatively evenly between Blackberry, Android and iPhone. These users are mostly non-technical, and all seem fairly satisfied with their phones, including the Blackberry users (battery life and tight Exchange Integration are the big reasons the BB users are happy with their phones).

Starting with Gingerbread the Android platform stopped causing support headaches (mostly in Exchange syncing), ICS and Jellybean seem to put Android on par with IOS for the most part.

Re:Which Android? (0, Troll)

Anonymous Coward | about 2 years ago | (#41664821)

I love how your posts are pretty much instantly modded to 2. Every one of them. I mean, you might try making it less obvious.

Slashdot has become infested with Google schills but I find it funny more than anything else since it hasn't actually moved the needle on anything but 1st level help desk computer janitors.

As for "Starting with Gingerbread the Android platform stopped causing support headaches", you can't be serious. Android is still an unmanageable clusterfuck in a corporate, even at JB. I hope you're being paid well enough to post that.

Re:Which Android? (1)

hawguy (1600213) | about 2 years ago | (#41665031)

I love how your posts are pretty much instantly modded to 2. Every one of them. I mean, you might try making it less obvious.

Do you look for conspiracies everywhere you go? You should read up on Slashdot's Karma Bonus to see why my posts start out at 2.

Slashdot has become infested with Google schills but I find it funny more than anything else since it hasn't actually moved the needle on anything but 1st level help desk computer janitors.

As for "Starting with Gingerbread the Android platform stopped causing support headaches", you can't be serious. Android is still an unmanageable clusterfuck in a corporate, even at JB. I hope you're being paid well enough to post that.

I don't know where JB is, but Android really hasn't been any harder to manage than IOS at our organization. Blackberry is a little harder since we have to run a BES, but in looking at our past helpdesk tickets, our Android and iPhone ticket counts are about the same. Amusingly, sometimes people submit Android tickets as iPhone tickets, apparently they can't tell the difference. (but we get almost no iPhone tickets classified as Android tickets)

The only thing we support in our corporate environment is email - we don't even support calendaring, we let users sync their calendars, but we tell them that they may have problems accepting meeting appointments (on both Android and iPhone). For anyone that wants full calendaring support, we recommend Blackberry.

I'm not recommending Android over IOS (or vice-versa) for the typical user, for most people, a relatively recent Android device or iPhone is going to be a good choice for a smartphone.

Re:Which Android? (1)

AK Marc (707885) | about 2 years ago | (#41664783)

I thought Amazon app store was popular. That must be side-loaded. Installing Amazon app store compromises your security!

Re:Which Android? (0)

Anonymous Coward | about 2 years ago | (#41664817)

most users won't have configured their phone to install apk's that didn't come from the Android phone

a) What?
b) B..b..but what about their Freedoms?

I chose Android over IOS for the sideloading option and for being able to use my smartphone at 100% without being tethered/chained to some itunes crap app. And no, I don't care to root my smartphone, and no I don't install pirated apps.

Re:Which Android? (1)

Anonymous Coward | about 2 years ago | (#41664201)

Android Defence Force to the rescue. Form of Obfuscation and FUD!

Just FUD from our corporate Overlord (-1)

Anonymous Coward | about 2 years ago | (#41664025)

my android Device is Safe. I have rooted it (my Device from Sarnsung) and have installed a Custom Rom that allows me access to Content that is otherwise Prohibited or Blocked by Device Default app store. And I know that it would not even be available because of Apple Oppression. But because I run my CUstom Rom, the Device cannot be taken down. It is only the Apple Sheeple Garden that is 0wn3d by the Evil Tyrants running our Corporate World. My custom PDFs and Media Files are safe on my Custom ROM. This article is FUD, trying to steer us away from the One True Sarnsung.

c0m (-1)

Anonymous Coward | about 2 years ago | (#41664119)

for aal practical

You can't fix stupid. (4, Insightful)

scottbomb (1290580) | about 2 years ago | (#41664147)

Android is secure enough as it is. My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software, we will always have viruses.

Re:You can't fix stupid. (0)

Anonymous Coward | about 2 years ago | (#41664285)

My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software

So, basically, you acknowledge you can't sideload safely? How's that walled garden suiting you?

Re:You can't fix stupid. (1)

Nemyst (1383049) | about 2 years ago | (#41664455)

There is a difference between "unknown software" and "sideloading". Unless you're too incompetent to do a quick background check before downloading and installing an app, there's no inherent risk to sideloading.

I know I've sideloaded a few apps, most of the time to save money while giving more to the app developer. Sometimes the app wasn't available on the market (say, for emulators).

Re:You can't fix stupid. (0)

Anonymous Coward | about 2 years ago | (#41664523)

There is a difference between "unknown software" and "sideloading". .

There is, but only a slim one and one not recognised by the huge majority of people. Even for tech nerds, how do you know that a domain hasn't been hijacked? How do you know that the apk from a third party site or the torrent you downloaded hasn't been altered? Are you doing an D5 on everything? I doubt it and it only takes one slip for security to be compromised.

Unless you're too incompetent .

Ah yes, the Android user refrain. If your ecosystem is fucked and distributing malware and you expect your appliance (which is what people expect a phone, even a smartphone, to be) screws you, well you must be a dumbass. Not helpful and frankly a weak excuse.

Re:You can't fix stupid. (1)

hawguy (1600213) | about 2 years ago | (#41664577)

Ah yes, the Android user refrain. If your ecosystem is fucked and distributing malware and you expect your appliance (which is what people expect a phone, even a smartphone, to be) screws you, well you must be a dumbass. Not helpful and frankly a weak excuse.

Those that expect their phone to act like an appliance shouldn't sideload apps, if I try to turn on sideloading on my phone, it pops up a warning saying that I'm putting myself at risk. If the user accepts that risk, how is it Androids fault by giving them the option?

If someone buys a toaster then tries to rewire it and turn it into a space heater, they are a dumbass if it burns their house down - if you buy something to use as an appliance, then use it as that appliance. Don't open it up and start poking around, and then complain that something bad happened.

Re:You can't fix stupid. (1)

Tastecicles (1153671) | about 2 years ago | (#41664753)

but your Android phone's not gonna burn the house down. Unless you've got a Sony battery in it and you're using it while charging.

Re:You can't fix stupid. (2)

hawguy (1600213) | about 2 years ago | (#41664851)

but your Android phone's not gonna burn the house down. Unless you've got a Sony battery in it and you're using it while charging.

And your toaster isn't going to send your contacts and email to hacker groups. Each appliance has its own risks.

Re:You can't fix stupid. (0)

Anonymous Coward | about 2 years ago | (#41666217)

I run Linux on my toaster, you insensitive clod!

Re:You can't fix stupid. (3, Insightful)

hawguy (1600213) | about 2 years ago | (#41664479)

My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software

So, basically, you acknowledge you can't sideload safely? How's that walled garden suiting you?

Just like with all software, you need to trust your source. If I don't like Google Market's policies, prices, or selection, I can move to Amazon's App store (or one of the other alternative app stores). Or I can download direct from the software maker.

What alternative does an IOS have if he wants to install an app that's been rejected from Apple's store because of the content or features?

Re:You can't fix stupid. (1)

tlhIngan (30335) | about 2 years ago | (#41666147)

Just like with all software, you need to trust your source.

True. However, with Android, all it takes is a friend to show you how to get "cool appz for free!!!" by installing this that and the other thing and big list of apps for you. Stuff like APKTor (is that still around?).

True me, "paid apps for free" trumps "security". Think dancing pigs [wikipedia.org] .

Of course, we had viruses before - I know one developer on PalmOS actually had a virus labelled after one of his products - a bug in his (legitimate) app actually destroyed a few Palms when it did an anti-piracy check.

Re:You can't fix stupid. (1)

Paradise Pete (33184) | about 2 years ago | (#41666233)

What alternative does an IOS have if he wants to install an app that's been rejected from Apple's store

You're right, he'd have to do without. For me that's not nearly enough to make the difference. I like the iPhone. I have several Apple devices and I like how they all work together. It's certainly not perfection. It's not even close. But I like it, especially for my family.
I've been writing software since the Atari 400 was new. I could handle the Android issues. I'd just rather not.

Re:You can't fix stupid. (1)

micheas (231635) | about 2 years ago | (#41666357)

Pay $100 a year and become an apple app developer and sign what ever software you want to load on your phone?

I'm not an apple fan, but that is a reasonable option if you are in the iphone ecosystem.

Great more fuel for the fire... (0)

thestudio_bob (894258) | about 2 years ago | (#41664267)

...as a million iPhone users snicker as the FBI classifies Android as a virus.

Seriously (4, Insightful)

Dunbal (464142) | about 2 years ago | (#41664327)

This is not a virus.

Re:Seriously (4, Insightful)

tooyoung (853621) | about 2 years ago | (#41665453)

Well, we've kind of dug ourselves into a hole here. For the past two years, we've been describing social engineering attacks against Apple as viruses. Sure, we knew that they weren't, but it helped to dent Apple armor on the "we don't get viruses" claim. When Apple supporters posted that these were trojans, etc, we trolled them and said they were merely arguing semantics. Now we've just got to sit through a little blow back.

Wow, dangerous (5, Insightful)

funkylovemonkey (1866246) | about 2 years ago | (#41664477)

So I have to click on a strange email and then follow an unknown link where I will be asked to download an .apk? Then I will have to go into settings and click on the option to allow me to install something that isn't in the Play Store, click through the warning that tells me that sideloading an app can lead to viruses and malware, and then install the .apk which then asks me if I'm cool with it accessing my contacts, internet and everything else? If you do all that, you're pretty determined to have problems. I imagine that those who know how to side load apps on their phone are smart enough to not randomly install apps from questionable sources. Or at least they should be smart enough to know that they have no one to blame but themselves if they fall for it.

Re:Wow, dangerous (2)

rampant mac (561036) | about 2 years ago | (#41664945)

You underestimate the power of human stupidity.

See: Bonzai Buddy, every IE search toolbar every created, et al.

Re:Wow, dangerous (0)

Anonymous Coward | about 2 years ago | (#41665091)

In the defense of the OP that's a little different. To install the tool bars, bonzai buddy, etc you really just had to click once to install the thing and most of the time it was a silent install.

--wmbetts

Re:Wow, dangerous (2)

gmhowell (26755) | about 2 years ago | (#41665159)

Look, the random email said I had to do that crap to see the dancing baby, so I did it. You have a problem with that?

Translation for the masses (1, Insightful)

tooyoung (853621) | about 2 years ago | (#41666133)

I will be asked to download an .apk

I will install a normal application, like I have done many time before.

Then I will have to go into settings and click on the option to allow me to install something that isn't in the Play Store

Loading application that are outside of the walled garden is one of the main reasons for using Android. A bunch of my technical friends advocated this as the main reason for buying this phone in the first place.

click through the warning that tells me that sideloading an app can lead to viruses and malware

Sideloading an app, as my technical friends showed me, involves a few steps.

and then install the .apk which then asks me if I'm cool with it accessing my contacts, internet and everything else

I'm going to get paid to email people, so the company will need to make sure that I'm actually doing it. In fact, the instructions that they provided actually specified that I'd need to do this.

Re:Translation for the masses (1)

Mathinker (909784) | about 2 years ago | (#41666241)

And spam still exists because there exist a small minority of people who are simultaneously capable of using computers but not capable enough to learn what spam is and how to avoid it. So what? Because of the small minority of such people, Android is broken? The exact same people could have had their "technical friends" show them how to jailbreak iOS, etc....

Stupid user warning. (1)

future assassin (639396) | about 2 years ago | (#41664643)

>One version is a work-at-home opportunity that promises a profitable payday just for sending out email.

How about a name and shame app showing idiots who fall for this?

Government & Stealth Malware (1)

Anonymous Coward | about 2 years ago | (#41665021)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computerâ(TM)s files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, donâ(TM)t you?

Iâ(TM)m now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individualâ(TM)s products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or âdeleted/junk postsâ(TM) forum section, someone or a team of individuals will mock you in various forms âtin foil hatâ(TM), âconspiracy nutâ(TM), and my favorite, âwhere is the proof of these infections?â(TM) One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed youâ(TM)re using the proprietary Microsoft Windows OS. Now, letâ(TM)s move on to Linux.

The rootkit scanners for Linux are few and poor. If youâ(TM)re lucky, youâ(TM)ll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they donâ(TM)t call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and Iâ(TM)ve been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Donâ(TM)t let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. Iâ(TM)m convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the âcuriousâ(TM) malware Iâ(TM)ve come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are âon the takeâ(TM), compromised themselves, and/or working for a government entity.

Search enough, and youâ(TM)ll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some âstrange infectionâ(TM). These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the âstrange infectionâ(TM) posts are left to age and end up in a lost pile of old threads.

If youâ(TM)re persistent, the usual challenge is to, âoeprove it or STFUâ and if the thread is not attacked or locked/shuffled and youâ(TM)re lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyoneâ(TM)s BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, âoethe only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranetâ but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, itâ(TM)s not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what youâ(TM)re doing, and even then⦠you wonâ(TM)t notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, âoethatâ(TM)s just Windows!â and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, Iâ(TM)ve observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesnâ(TM)t exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for Chinaâ(TM)s people. For other, freer countries, however, the concentration camps exist but you wouldnâ(TM)t notice them, they originate from media, mostly your TV, and you donâ(TM)t even know it. As George Carlin railed about âoeOur Ownersâ, âoenobody seems to notice and nobody seems to careâ.

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it wonâ(TM)t be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe weâ(TM)re mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and âoenobody seems to notice and nobody seems to careâ.

FBI virus and/or trojan warnings. (0)

Anonymous Coward | about 2 years ago | (#41665163)

Don't forget these chart topping hits!

Magic Lantern
"Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation."
https://en.wikipedia.org/wiki/Magic_Lantern_(software) [wikipedia.org]

(CIPAV)
"The Computer and Internet Protocol Address Verifier (CIPAV) is an illegal data gathering tool that the Federal Bureau of Investigation (FBI) uses to track and gather location data on suspects under electronic surveillance."
https://en.wikipedia.org/wiki/Computer_and_Internet_Protocol_Address_Verifier [wikipedia.org]

ECHELON
https://en.wikipedia.org/wiki/ECHELON [wikipedia.org]

LOL I THOUGHT MACS DONT GET VIRIIIIIII (0)

Anonymous Coward | about 2 years ago | (#41665261)

oh wait nvrmind

not just Android (2)

chowdahhead (1618447) | about 2 years ago | (#41665299)

It's a problem for mobile platforms in general.

FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc. (AAPL)’s iPhone and Research in Motion Ltd. (RIM)’s BlackBerry, an analysis of presumed samples of the software shows...“When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located,” a FinSpy brochure published by WikiLeaks says. Systems that can be targeted include Microsoft Corp. (MSFT)’s Windows Mobile, the Apple iPhone’s iOS and BlackBerry and Google Inc. (GOOG)’s Android, according to the company’s literature. Today’s report says the malware can also infect phones running Symbian, an operating system made by Nokia Oyj (NOK1V), and that it appears the program targeting iOS will run on iPad tablets.

source [paritynews.com]

wait (0)

Anonymous Coward | about 2 years ago | (#41665591)

android issues a warning the fbi is a virus ...oh right....
waves to anonymous

THIS IS NOT A VIRUS SLASHDOT (0)

Anonymous Coward | about 2 years ago | (#41665635)

After doing research on this it seems both apps have to be installed using the installer, and so you have to download the app to your phone by clicking the link and then authorize it to install by agreeing to give it access to your sensitive information when you download it... So this seems very over sensationalized.

This is not a virus this is malware which you must explicitly authorize to access your information. FinFisher is also written for all mobile phone versions including the iPhone, so it seems to me they should have had a warning for the iPhone as well. The main difference I guess is that non-jailbroken iPhones can only install apps from the marketplace unless you're a developer; whereas Android allows you to authorize it to install apps not from the marketplace. So now when the cadre of people who rely on you for tech information come up and ask you about the new "Android virus" you can thank sensationalist reporters and then stupid people that promote them without doing research...

FBI doesn't issue Android virus warning (1)

dgharmon (2564621) | about 2 years ago | (#41665655)

Malware isn't a virus and require the end user to download and run the malware ..

false alarm (2)

xdcx (2711191) | about 2 years ago | (#41665681)

most people know smart phones are capable of receiving a virus, you don't have to be a geek to know this, they just might not realize how common it is. they are perceiving the threat more than what it is. The problem is how people use their phones today, its like an attachment to their arms. If private information isn't stored on the phone in the first place, there is no value in a virus except disruption of software.

Thank God for accurate headlines (0)

Anonymous Coward | about 2 years ago | (#41665767)

I wish all /. headlines could be this succinct. As soon as I saw "FBI Issues Android Virus Warning" I knew I wouldn't have to waste my time rtfa or even rtfs.

FBI? (1)

wonkey_monkey (2592601) | about 2 years ago | (#41666467)

Funny, there's no mention of the FBI in the article. Did someone get over-excited when they wrote the headline?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?