DecryptedTech

Thursday18 August 2022

Displaying items by tag: CA Technologies

Tuesday, 02 August 2011 22:37

Mobile phones, the new Windows XP

permissionsNot that long after Windows XP hit the market a very handy little flaw was found (one of many) that would be the start of a great love/hate relationship with this OS. Even today with Windows XP holding a only a little more than 50% of the PC market the venerable OS accounts for more than 60% of rootkits and something like 80% of the known malware and viruses. What does this have to do with mobile phones? Well is goes something like this; when you buy a mobile phone it comes preinstalled with the OS (usually some derivative of Linux). This OS allows you to setup some rather weak security (a reversible password for screen access). However underneath there are usually two accounts that everything runs on. There is the root account which is the master admin account and has rights to do just about anything. Then there is a mobile user account. This is the account that the UI and all applications run under. The problem? Well every phone out there from each manufacturer uses the same passwords for each (this may actually differ a little between handsets depending on the manufacturer). Yup that is right, if I can guess or hack the root password on one phone; I know them all for that line.

This handy little flaw has been shown on Apple, HTC, Google, Samsung (and just about all Android Phones). Where this becomes important is during application installation. It is during that time that some installers will (or can) access the root account of the phone. If a piece of malware written for your phone OS does this then you can be in a world of trouble.

CA Technologies has been tracking a new brand of malware for the Android platform. It started off by just logging the details of incoming and outgoing calls, but now has moved into actually being able to record these calls and transmit them back to a central server. The days of just installing any app that catches your eye is gone (it never really should have existed anyway). Now more than every Smart Phone users need to be careful what they allow their apps to do. As an extra precaution grabbing a mobile security app like Lookout or Similar for that extra level of protection is a good idea. Just like XP what we think of as secure, turns out to be full of holes after all.

Source and picture CA Technologies

Discuss this in our Forum

Published in News