Android Under Attack! – Mobile Security Weekly

While perhaps not emulating last week’s massive haul of mobile security hazards, this week’s stories still pack a hefty punch. The stories reraise the issue of inherent problems with the basic architecture of the modern mobile device as well as the ecosphere within which it exists (i.e App stores and other basic services).

Researchers:  Secret Ad Trackers Inside 1000s of Android Apps

Security researchers have released a report after testing a group of 2,000 apps from the Google Play Store and finding that they connect to 250,000 different URLs from 2,000 different top-level domains. This in itself is quite intriguing – it essentially means user data is being distributed to lots of different locations.

The study found that some applications would connect to as many as 2,000 separate URLs within minutes of launching, while others generated more than 1,000 HTTP requests. The most worrying part is that about 10% of the sample group were aggressively tracking their users, connecting to about 500 different URLs, some of them with seriously questionable origins.

Why is this Significant?

The existence of in-app connections isn’t necessarily such a massive problem (apart from the ones that are taking to ad-services). What it does highlight though, is just how much is going on behind the scenes when using a simple, well known, free Android application. Even users that stick to the Google play store aren’t completely protected from mobile and data security issues.

Analogue Modems Allow Attackers to Extract Android Device Data 

Researchers have managed to bypass Android’s security mechanisms and exploit the cellular voice channel to act as yet another new covert channel which can potentially be used to leak information and to spread malware.

Without getting too technical, what the researchers did was create a software modem that encodes data on the voice stream, but doesn’t take up enough of that stream so that the user will notice.

While it only runs at 13 bits per second (i.e very slow), the researchers believe that it’s still enough to exfiltrate data, or the channel could be used to spread malware which will opens up further vectors of attack or data extraction. The other major issue is that audio communications aren’t subject to the same security measures as other more conventional means of data transfer.

Why is this Significant?

Besides proving that the cellular voice channel could be used to distribute malware or leak information, this research also brings to light the issue of new, innovative method of accessing an Android device. Despite constant improvements, Android’ architecture remains vulnerable in many ways and attackers are constantly raising the bar.