Just watched a very good Mobile Malware update video from Hacking Exposed!
I haven’t really been keeping up with smart phone tech or smart phone viruses, but the webinar was very informative. The speaker covered several of the current malware threats. I was actually surprised to see how closely they behave to PC viruses.
Android.Nickispy once installed, has the ability to store all conversations and the GPS coordinates of the phone. The data is saved in an audio file in a directory called “Shangzhou” on the SD Card RAM. Then, just like in a PC bot virus, the files are pushed up to a command and control server.
The speaker’s theory about recording the GPS locations with the call was that some large un-named country that has been snarfing a log of military and intelligence data could focus on cell phones in a certain area.
He also mentioned Android:Soundcomber. Soundcomber is a proof of concept trojan. It records phone calls and uses audio processing to pull credit card numbers from voice communications. In the demo, the user calls a credit card company and on the first call speaks his (fake) credit card number into his phone. On the second call, the user enters his credit card number via the keypad.
Using audio processing, Soundcomber pulled the correct credit card numbers from both calls and displayed them on the command and control server.
A lot more was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed.
Finally, how to defend against mobile malware was discussed. Surprisingly, the techniques were very similar to the PC world:
- Don’t run programs from publishers that you don’t know and trust
- Set strong passwords
- Disable unnecessary startup apps
- Disable unneeded Wi-fi, GPS and Bluetooth radios
- Minimize remote unlocking services
- and run Mobile whitelisting or Anti-Virus software
This is just a quick overview of the hour long video. The video should be posted on the Hacking Exposed website soon, check it out, it is very informative and well worth the time.