Weekly Mobile Security News Roundup

This week’s roundup is dominated by Heartbleed – a significant SSL encryption vulnerability. Heartbleed has been taking the Internet by storm and affects both PC and mobile users. The problem is exacerbated because, even when fixes are available for mobile users, the patching process is long and not under the control of admins or end-users.

  • Heartbleed – SSL Encryption vulnerability
    The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This library is widely used to secure web browsing (i.e. the underlying software behind SSL, in action when you see https://) and even mobile banking applications.


    Ultimately, this vulnerability enables an attacker to target users and access the credentials of a victim, even though the communications between the device and the target server are encrypted.


    OpenSSL implementations are present in 65% of the internet’s active sites, so this is an issue that has affected everyone. It’s important to note that newer versions of Android OS (4.2, 4.3, 4.4) are safe. However, users still running Android 4.1.1 are susceptible.


Why is this Significant?

    The fact that users with older versions of Android aren’t protected highlights a wider problem for mobile users – a problem which exists any time such a vulnerability is fixed. Users are often at the mercy of cell providers for updates, so updating may not be within a user’s control, even if that user is tech-savvy enough to know when to update.


  • Virus Shield – a fake app at the top of the Google Play charts
    Virus Shield, an app that recently rose to the top of the charts on Google Play, has been exposed as entirely fake and has since been removed by Google.


    The app includes almost no functionality whatsoever, yet despite being priced at $3.99, it was downloaded thousands of times.


    Virus Shield, which quickly received a 4.6 rating (out of 5), claimed that it would:

    1. Prevent harmful apps from being installed on your device.
    2. Scan apps, settings, files, and media in real time.
    3. Protect your personal information.
    4. Strong antivirus signature detection.


Why is this Significant?

    This is a case of social engineering, a growing trend in mobile security and something that we’ve been discussing lately on our blog. Virus Shield was playing on people’s fears.


    This news also highlights another major problem with mobile app stores – many questionable apps slip through the net (both iOS and Android).


  • Google Patents a method to identify pirated apps
    Directly relevant to the previous item, Google might have a way, or at least an idea, of how to deal with issues like “Virus Shield”, as well as more dangerous pirated apps that contain malware.


    Google has explicit policies against misleading or trademark-infringing apps, but with millions of apps in the Store and no human review process for each upload, fake and malicious apps constantly sneak in. The company currently relies on user feedback for flagging bad apps – which is exactly where the new patent comes in.


    The patent describes an algorithm that compares several parameters of a submitted app (code, images, audio, data files) with those of “authorized” apps that have been uploaded by established developers.


Why is this Significant?

    This is potentially a big step forward in app store security. With thousands of apps being uploaded daily, drastic improvements to security policies are needed. We’ll be paying close attention to further updates on this subject.
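
    To make the comparison described above concrete, here is an added sketch (not from the patent or from Google) of a store-side check that scores how much of an authorized app's code, images, audio and data files reappear in a submission from a different developer. Exact SHA-256 matching, the category map, the 0.6 threshold and all app names are assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict

# Assumed mapping from file extension to the asset categories the item names.
CATEGORIES = {".dex": "code", ".so": "code", ".png": "images", ".jpg": "images",
              ".ogg": "audio", ".mp3": "audio", ".json": "data", ".xml": "data"}

def fingerprint(files):
    """Map category -> set of SHA-256 digests for a {path: bytes} package."""
    fp = defaultdict(set)
    for path, blob in files.items():
        ext = "." + path.rsplit(".", 1)[-1].lower() if "." in path else ""
        fp[CATEGORIES.get(ext, "data")].add(hashlib.sha256(blob).hexdigest())
    return fp

def overlap(submitted, authorized):
    """Per category, the fraction of the authorized app's assets found in the submission."""
    return {cat: len(digests & submitted.get(cat, set())) / len(digests)
            for cat, digests in authorized.items()}

def review(submission, catalog, threshold=0.6):
    """Return (authorized app name, per-category scores) pairs that merit manual review."""
    sub_fp = fingerprint(submission["files"])
    flagged = []
    for app in catalog:
        if app["developer"] == submission["developer"]:
            continue  # an update from the same developer is expected to match
        scores = overlap(sub_fp, fingerprint(app["files"]))
        if scores and sum(scores.values()) / len(scores) >= threshold:
            flagged.append((app["name"], scores))
    return flagged

# Constructed sample data: one authorized app and two submissions.
ORIGINAL = {"name": "PuzzleQuest", "developer": "dev-A", "files": {
    "classes.dex": b"game-logic-v1", "res/logo.png": b"logo-bytes",
    "res/theme.ogg": b"theme-bytes", "assets/levels.json": b"levels"}}
REPACKAGED = {"name": "PuzzleQuest Free", "developer": "dev-X", "files": {
    "classes.dex": b"game-logic-v1+extra", "res/logo.png": b"logo-bytes",
    "res/theme.ogg": b"theme-bytes", "assets/levels.json": b"levels"}}
UNRELATED = {"name": "Notes", "developer": "dev-Y", "files": {
    "classes.dex": b"notes-logic", "res/icon.png": b"icon-bytes"}}

if __name__ == "__main__":
    for sub in (REPACKAGED, UNRELATED):
        print(sub["name"], "->", review(sub, [ORIGINAL]))
```

    The repackaged submission is flagged even though its code differs, because its images, audio and data files are identical to the authorized app's. A check based on exact hashes would miss re-encoded assets.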



  • Waller – Malware specifically designed to attack a mobile wallet app.



    Reports show that Waller, an mRAT (Mobile Remote Access Trojan) that attacks the QIWI Android app, is being distributed by SMS spam and via fake apps.


    The Visa QIWI Wallet Android app, which allows users to make and receive payments and transfer money, has been downloaded by a total of between 1 and 5 million users.


    After it infects a smartphone, Waller contacts its command and control (C&C) server. The remote server can order the mRAT to check the balance of a QIWI account, send SMSs, open web pages, download and install other malware, intercept text messages, and send spam to the victim’s contact list. The threat is also capable of updating itself.


    In order to check the balance in the QIWI Wallet, the malware sends an SMS to a specific number and intercepts the response. If there is money in the digital wallet, the attackers can steal it by sending another message with the wallet number they want to transfer funds to along with the amount they want to transfer.


Why is this Significant?

    Sending SMS messages to premium services is an efficient and common way for attackers to make money. However, this method won’t work in every country. This is why attackers are stepping up their game and developing malware that is more specific, in this case targeting the QIWI wallet app.