Obad is the Baddest Android Trojan on the Block

obad_android_trojan

There is a new Android Trojan in town and this is one bad dude. Backdoor.AndroidOS.Obad or “Obad” as it is known on the street, is the most sophisticated Trojan ever seen, rivaling the capabilities of Windows based malware.

Yesterday a Malware Analysts Expert from Kapersky Labs released an announcement on a new Trojan that seemed like it was written for Windows and not an Android Device.

Earning it the dubious title “The Most Sophisticated Android Trojan“.

Sure it sends SMS messages to high rate numbers like many other Android malware apps, but there are several new features that really set this one apart. According to the report, Obad also has the following capabilities:

  • Downloads and installs other malware programs
  • Propagates malware to other devices via Bluetooth
  • Fully functional remote Command & Control

The ability to download other malware programs has been a Windows Trojan staple feature for a long time. But being able to use Bluetooth as a springboard to infect other devices is pretty concerning.

Obad_android_trojan01

Obad’s Command & Control features allow cyber criminals to send commands via SMS messaging, use a remote shell, download remote files, pull application & personal data from the phone, and attack other devices by using Bluetooth.

Another unique feature is that Obad can also freeze the display for up to 10 seconds to hide what it is doing from the device owner.

Using obfuscated code and several new vulnerabilities, Obad definitely raises the stakes in the mobile malware department. Thankfully it is not very well wide spread at the moment.

For more information check out the Kapersky Team’s complete analysis.

Google Glass – Yup it’s Hackable!

Google_Glass

As the way cool Google Glasses roll out to customers, it makes one wonder, what if it could be hacked?

Well, it can!

Early adopters have begun to receive their Google Glasses, the Android based wearable computer, and some couldn’t help but to try to hack it. And hack it they did.

Android and iOS developer Jay Freeman hacked his in just a couple hours, while he ate dinner…

It took me two hours while I was having dinner with friends at the time,Freeman told Forbes.The implementation from B1nary is for normal Android tablets and phones, I learned how it worked and then did the same thing on Glass…which was quite simple.

Being an Android based system, it is susceptible to the same attacks that affect smart phones and tablets.

Sadly, due to the way Glass is currently designed, it is particularly susceptible to the kinds of security issues that tend to plague Android devices,” Freeman wrote on his blog.

The one saving grace of Android’s track record on security is that most of the bugs people find in it cannot be exploited while the device is PIN-code locked. Google’s Glass, however, does not have any kind of PIN mechanism: when you turn it on, it is immediately usable.”

But apparently that was the point, according to a Google developer, the units are shipped so they can be hacked!

Not to bring anybody down… but seriously… we intentionally left the device unlocked so you guys could hack it and do crazy fun shit with it.  I mean, FFS, you paid $1500 for it… go to town on it.  Show me something cool.

That’s cool that they want people to go nuts on these things to find out what really can be done with them. I just have one question. What would a Denial of Service look like on Google Glass?

I mean will people be walking around bumping into things?

Or will the Google Glass user just stand there in a zombie like state with drool dripping down their chin?

Inquiring minds want to know!  🙂