FBI warns Android Phones are Havens for Malware

[CameraQuest]

hmm.
maybe iphones really are better.

FBI warns that Android phones are havens for malware
http://news.yahoo.com/fbi-warns-andr...181958059.html

I would guess that would apply to Android tablets too...

time to rethink that Android banking and Paypal app ?

Stephen

[rogue_designer]

Quote:

time to rethink that Android banking and Paypal app ?

Only if you do for any windows based PC. The same precautions apply. Use common sense, don't leave yourself or your phone wide open and unprotected, use antivirus and you're generally fine.

[willie_901]

iPhones are neither better nor worse. Risk evaluation is complicated and the end user is often the most significant variables.

Apple uses a closed eco-structure they control. While this frustrates some people, it does help greatly with risk management.

Android is exactly the opposite. Risk management becomes the responsibility of the end user. Well-informed Android owners who select phones from vendors and mobile probiders with a track record of risk minimization will have less risk than those who don't. The same goes for Apps. Ask Android owners who is responsible for their phone's security updates? Is is it the mobile provider who bundled the phone and OS? Is is the phone manufacturer? How do they get updates? How do they know when there is an update? Do they visit risky web sites and click links in emails indiscreetly?

Ask iPhone owners about Apple's track record with iOS security. How fast does/can Apple respond? How well can they vet the thousands of Apps submitted for approval every week? How many iOS owners sync their device regularly to learn an update is available and then take the time to do the update? Do they visit risky web sites and click links in emails indiscreetly?

Apple can not promise or achieve zero risk. Well-informed, diligent Android owners can't avoid risk either.

Disclosure: Since 1986 the only computer/smart phones I've purchased with my own money were Apple products.

[Joosep]

Quote:

Originally Posted by willie_901

iPhones are neither better nor worse. Risk evaluation is complicated and the end user is often the most significant variables.

Apple uses a closed eco-structure they control. While this frustrates some people, it does help greatly with risk management.

Android is exactly the opposite. Risk management becomes the responsibility of the end user. Well-informed Android owners who select phones from vendors and mobile probiders with a track record of risk minimization will have less risk than those who don't. The same goes for Apps. Ask Android owners who is responsible for their phone's security updates? Is is it the mobile provider who bundled the phone and OS? Is is the phone manufacturer? How do they get updates? How do they know when there is an update? Do they visit risky web sites and click links in emails indiscreetly?

Ask iPhone owners about Apple's track record with iOS security. How fast does/can Apple respond? How well can they vet the thousands of Apps submitted for approval every week? How many iOS owners sync their device regularly to learn an update is available and then take the time to do the update? Do they visit risky web sites and click links in emails indiscreetly?

Apple can not promise or achieve zero risk. Well-informed, diligent Android owners can't avoid risk either.

Disclosure: Since 1986 the only computer/smart phones I've purchased with my own money were Apple products.

Bullseye. Now this post saved us a few pages ?

[it'sawhat?]

Willie as a linux user i thought I'd never agree with an apple user, but you nailed it spot on.

[oftheherd]

My cell phone is the dumbest I can get. Having attended several lectures by people who specialize in cell/iphone security (and insecurity), can wait to get home where I have a little more control. That said, most of them agree, if you practice safe use, keep you antivirus and updates current, and don't click unknown URLs, you will mostly be OK. Crooks always look for the easy targets.

[Roger Hicks]

Quote:

Originally Posted by oftheherd

My cell phone is the dumbest I can get. Having attended several lectures by people who specialize in cell/iphone security (and insecurity), can wait to get home where I have a little more control. That said, most of them agree, if you practice safe use, keep you antivirus and updates current, and don't click unknown URLs, you will mostly be OK. Crooks always look for the easy targets.

Betcha mine's dumber! ALL it does is makes 'phone calls. Doesn't even have a camera. I dread the day it breaks...

Cheers,

R.

[photomoof]

Quote:

Originally Posted by willie_901

Android is exactly the opposite. Risk management becomes the responsibility of the end user. Well-informed Android owners who select phones from vendors and mobile probiders with a track record of risk minimization will have less risk than those who don't. The same goes for Apps. Ask Android owners who is responsible for their phone's security updates? Is is it the mobile provider who bundled the phone and OS? Is is the phone manufacturer? How do they get updates? How do they know when there is an update? Do they visit risky web sites and click links in emails indiscreetly?

With freedom comes reality. Ask 100 Mac or PC users how many do a decent backup at least once every few months and you will find the numbers VERY low. Everyone thinks they will back up, but even with apps like "Timemachine" they don't.

So do how do you think security fares?

[Sejanus.Aelianus]

Willie has it right.

I use OS-X, Linux, Windows, VMS, Symbian and a variety of Mainframe OSes. Any system can be cracked, if you enlist the aid of the user. By the same token, it's almost impossible to crack a system run by a suitably paranoid user. Whatever you use, you need to start by employing the operating system that runs on the wetware between your ears.

[photomoof]

Quote:

Originally Posted by Sejanus.Aelianus

Willie has it right.

Sort of right, but it never works that way. From the article; "All in all, users should be using the same precautions on their mobile phone as they do on their computers."

So for 99% of users the FBI is recommending no precautions at all?

I have found so much malware on friend's computers it is amazing. Most of it is harmless, I have never found a machine that is part of a botnet (most of those seem to be lazy Apache installs).

Being careful is seldom enough for most people. I am VERY careful but have found root kits on my servers managed by DELL. There are a lot of very persitant kids out there.

However having said the above, I seriously doubt that anyone is all that interested in taking over Android phones, they just want to screw around with the users at worst, and run ads.

Most cell phone users have more to fear from being tracked by Google or Apple than some kid in Eastern Europe just having fun.

[tom.w.bn]

In this article they mentioned some things that are problematic for every mobile device

Quote:

The agency recommends that for physical security smartphone owners should consider locking their devices with a pass code and only connect to trusted Wi-Fi networks. Lastly, smartphones should always be kept up-to-date and users should avoid jailbreaking or rooting their devices to avoid greater security concerns.

Especially the part about the trusted Wi-Fi is important. If you use a public Wi-Fi Network and access not encrypted websites, everyone can read your data and access your mail-, facebook-, rff-account.

I think this is as dangerous as getting some malware on your device.

[rogue_designer]

Quote:

Originally Posted by photomoof

SI seriously doubt that anyone is all that interested in taking over Android phones, they just want to screw around with the users at worst, and run ads.

Though I do agree, as the capability to make purchases from your phones increases in ease - it will be tempting for organized crime to try and make robot payments, or skim off the transactions, etc. Also opens up additional avenues for identity theft.

Still - easier to just steal the phone than that.

But this true for all phones. Android phones are maybe more vulnerable for now, but it's also easier to fix them. There are always tradeoffs.

[jfretless]

"users should avoid jailbreaking or rooting their devices to avoid greater security concerns."

LOL. Security concerns for who? The FBI, that's who. Sounds like the FBI doesn't want any competition when it comes to the ability to track and monitor persons of interest.

[photomoof]

Quote:

Originally Posted by rogue_designer

it will be tempting for organized crime to try and make robot payments, or skim off the transactions, etc. Also opens up additional avenues for identity theft.

This is at the core of most Android phone scams... trying to run with some money before the bank, or paypal, or the phone companies notice. CHECK YOUR PHONE BILL.

Has everyone been following this? http://www.fastcompany.com/1844294/n...ndroid-malware

Or this? http://www.mobileindustryreview.com/...infection.html

"A malware attack targeted at 18 countries that cost unsuspecting users £15 every time they tried to open a ‘free’ app has been cut off by PhonepayPlus, the UK’s premium rate telephone services regulator."

[bigeye]

People are building phones for classified use on Android. Google a NSA project called "fishbowl". You can't approach this level of security with IOS or Windows. These are very secure and behave like regular phones.

See SE Android

.

[oftheherd]

Quote:

Originally Posted by photomoof

Sort of right, but it never works that way. From the article; "All in all, users should be using the same precautions on their mobile phone as they do on their computers."

So for 99% of users the FBI is recommending no precautions at all?

I have found so much malware on friend's computers it is amazing. Most of it is harmless, I have never found a machine that is part of a botnet (most of those seem to be lazy Apache installs).

Being careful is seldom enough for most people. I am VERY careful but have found root kits on my servers managed by DELL. There are a lot of very persitant kids out there.

However having said the above, I seriously doubt that anyone is all that interested in taking over Android phones, they just want to screw around with the users at worst, and run ads.

Most cell phone users have more to fear from being tracked by Google or Apple than some kid in Eastern Europe just having fun.

We had a lady at one of our meetings some months ago demonstrating how a botnet can be easily installed on different OS phones. Phone botnets can be used the same as computer botnets. How many are actually victims I would not know.

[Rangefinderfreak]

Cash is KING. Cameras should be cameras. How can you track a leica M3 with TRI-X...

[photomoof]

Quote:

Originally Posted by oftheherd

We had a lady at one of our meetings some months ago demonstrating how a botnet can be easily installed on different OS phones. Phone botnets can be used the same as computer botnets. How many are actually victims I would not know.

Fun with phones...
http://www.pcworld.com/article/25879...am_botnet.html