bit-tech.net

Go Back   bit-tech.net Forums > bit-tech.net > Article Discussion

Reply
 
Thread Tools
Old 11th Jan 2010, 14:04   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
CardJoe's Avatar
 
Join Date: Apr 2007
Posts: 11,339
CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.CardJoe is the Cheesecake. Relix smiles down upon them.
Banking trojan hits Android

http://www.bit-tech.net/news/bits/20...hits-android/1

A trojan application which attempts to steal banking details, uncovered by First Tech Credit Union, has been removed from the Android Market - but leaves unanswered questions.

__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
CardJoe is offline   Reply With Quote
Old 11th Jan 2010, 14:49   #2
eddtox
Homo Interneticus
 
Join Date: Jan 2006
Location: Maidstone, Kent
Posts: 1,296
eddtox has yet to learn the way of the Dremeleddtox has yet to learn the way of the Dremel
It was only a matter of time before it happened. It's worrying that the delivery vector was the Android Market, but not surprising. People assumed they were safe, now they know they are not and hopefully will be more careful about what apps they download.
eddtox is offline   Reply With Quote
Old 11th Jan 2010, 15:04   #3
wiak
Multimodder
 
Join Date: Apr 2006
Posts: 103
wiak has yet to learn the way of the Dremel
lol nothing new here, move over (hint: windows and the interwebs)
__________________
AMD Phenom 9850 Blacky Edition
Gigabyte GA-MA790FX-DS5
Sapphire Radeon HD 4870 512MB
OCZ Gold PC6400 4GB Dual Channel, VelociRaptor 150GB
Corsair 620HX (12v=3x18A, +3.3v=24A, +5=24A)
wiak is offline   Reply With Quote
Old 11th Jan 2010, 15:27   #4
bladerunner168
What's a Dremel?
 
Join Date: Jan 2010
Posts: 11
bladerunner168 has yet to learn the way of the Dremel
Old school!

I know, I'm old school. I like to play Borat quotes loud on my HTC Hero, I also like to play Mr T quotes. I also like the barcode scanner app which then checks prices on froogle. But there is NO WAY I would do my banking on mobiles, NO WAY, NO WAY

I still do my banking at the branch
bladerunner168 is offline   Reply With Quote
Old 11th Jan 2010, 16:06   #5
leveller
Yeti Sports 2 - 2011 Champion!
 
Join Date: Dec 2009
Posts: 1,107
leveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremel
Quote:
Originally Posted by eddtox
It was only a matter of time before it happened. It's worrying that the delivery vector was the Android Market, but not surprising. People assumed they were safe, now they know they are not and hopefully will be more careful about what apps they download.
1) I think it is pretty cool you managed to slip the words "delivery vector" into your post. Gave me an instant feeling of reading a sci-fi novel.

2) Is it really possible for people to be careful? I seriously have no interest nor knowledge of the Android stuff but if the freedom to create and submit anything exists ... I can imagine what sort of coders will be attracted to the phone.
leveller is offline   Reply With Quote
Old 11th Jan 2010, 16:49   #6
StephenK
Sneak 'em Upper
 
StephenK's Avatar
 
Join Date: Dec 2006
Posts: 291
StephenK has yet to learn the way of the Dremel
Guess it was bound to happen sooner or later. Maybe we'll see some sort of vetting system in future to try and cut down on this sort of thing.


(Off Topic: What is with henrinaiara's posts? Do we have a bot in our midst? )
__________________
Intel e6600 - 4gb Corsair Twin2X 6400C4 DDR2 - Arctic Cooling Freezer 7 Pro + Silver 5 - Gainward GTX260 Golden Sample 896MB - Dell U2410 + iiyama E2200WS - Black Coolermaster ATCS 840 - Corsair HX620 - Asus P5B Deluxe - 1tb F3 - 1tb F1 - 320gb T166 - X-Fi Xtreme Gamer - Creative Inspire T6100 - Razer Lycosa and Razer Mamba
StephenK is offline   Reply With Quote
Old 11th Jan 2010, 18:10   #7
smoothie
Multimodder
 
smoothie's Avatar
 
Join Date: Jul 2007
Location: Connecticut, USA
Posts: 94
smoothie has yet to learn the way of the Dremel
In the Android Market, the only way you can really be careful about which apps you download is to first read the reviews of the apps that exist on their description pages. People who comment on apps usually post any problems with the app, and suggestions on how to make it better, or if there's a better app on the market. For decent apps, the devs will also post comments to let users who check for updates know which problems they're working on. However, if an app appears to be working correctly, and then suddenly turns malicious, you'll have little warning.

Kind of reminds me of this story (last page of article is most relevant, but the article isn't too long): http://http://www.cosmosmagazine.com...lem?page=0%2C0
smoothie is offline   Reply With Quote
Old 11th Jan 2010, 18:14   #8
Nexxo
Whatever's Geek.
 
Nexxo's Avatar
 
Join Date: Oct 2001
Location: Birmingham, UK
Posts: 26,159
Nexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming SaiyanNexxo is a Super Spamming Saiyan
Quote:
Originally Posted by leveller View Post
1) I think it is pretty cool you managed to slip the words "delivery vector" into your post. Gave me an instant feeling of reading a sci-fi novel.
+1. Added it as a tag.
__________________
In memory of Kidmod-Southpaw (1997 - 2014)
a fellow geek, modder, dreamer of dreams
https://www.justgiving.com/kidmod
Nexxo is offline   Reply With Quote
Old 11th Jan 2010, 18:20   #9
eddtox
Homo Interneticus
 
Join Date: Jan 2006
Location: Maidstone, Kent
Posts: 1,296
eddtox has yet to learn the way of the Dremeleddtox has yet to learn the way of the Dremel
Quote:
Originally Posted by leveller View Post
1) I think it is pretty cool you managed to slip the words "delivery vector" into your post. Gave me an instant feeling of reading a sci-fi novel.

2) Is it really possible for people to be careful? I seriously have no interest nor knowledge of the Android stuff but if the freedom to create and submit anything exists ... I can imagine what sort of coders will be attracted to the phone.
Hehe glad I could help

Like you, I have no interest in the android platform, but I think it's time people began to treat mobile apps with the same care/suspicion they treat pc apps. As more information passes through/ is stored on mobile phones, more and more malware will target them. Especially where there are a huge number of people on the same platform Ie Android, iphone

@smoothie: awesome-scary

Last edited by eddtox; 11th Jan 2010 at 18:31.
eddtox is offline   Reply With Quote
Old 12th Jan 2010, 10:35   #10
shanky887614
Multimodder
 
Join Date: May 2009
Posts: 203
shanky887614 has yet to learn the way of the Dremel
isnt online banking for thick people?

do you guys hinestly know how weak wifi encryption is it takes 5mins to crack wep and under an hour to crack wpa so its no suprize and its a gadget you are still suposed to use your brain
its like a satnav you have to be pretty thick to drive into the channel when you select lodon to pariss on your satnav
shanky887614 is offline   Reply With Quote
Old 12th Jan 2010, 10:50   #11
ch424
Design Warrior
 
ch424's Avatar
 
Join Date: May 2004
Location: Cambridge, UK
Posts: 3,092
ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.ch424 is definitely a rep cheat.
Quote:
Originally Posted by StephenK View Post
Guess it was bound to happen sooner or later. Maybe we'll see some sort of vetting system in future to try and cut down on this sort of thing.
No. I'd much rather have the freedom to let people write trojans if they want. Android already gives the user a list of what an app is allowed to do when they install it. I'd never trust an app that says "let me remember your passwords for you!! "

Quote:
Originally Posted by shanky887614 View Post
isnt online banking for thick people?

do you guys hinestly know how weak wifi encryption is it takes 5mins to crack wep and under an hour to crack wpa so its no suprize and its a gadget you are still suposed to use your brain
its like a satnav you have to be pretty thick to drive into the channel when you select lodon to pariss on your satnav
Ummm...? You know that when you connect to a bank website it goes over https/SSL, right? It doesn't matter if you connect over unencrypted wifi, nobody is going to steal your details anyway. When you use an ATM, or use your card in a shop, your details are sent over the internet using the same encryption system. If someone had the resources to crack SSL, they'd do something more than steal $200 from your bank account.
ch424 is offline   Reply With Quote
Old 12th Jan 2010, 11:59   #12
Torwald
Minimodder
 
Join Date: Sep 2003
Location: At front of my PC
Posts: 21
Torwald has yet to learn the way of the Dremel
Hmm... Such attempts of stealing bank details could only affect bank accounts where only id/pass is required to send money.
In my country, when you want to make a wire transfer, you have to give some letters from secret password, next password which is sent via SMS and sign all this with your encrypted key (in file @ computer).
Now tell me, what use of my 'details' would such a 'cracker/phisher' have ? He wouldn't even log in to my account...
Torwald is offline   Reply With Quote
Old 12th Jan 2010, 12:20   #13
shanky887614
Multimodder
 
Join Date: May 2009
Posts: 203
shanky887614 has yet to learn the way of the Dremel
yes but what i mean is if they can get on your server/internet they can leave a trojan there to get your details and you guys would be suprised at how easy it is to mask a trojan/virus as a harmless plugin or something else
shanky887614 is offline   Reply With Quote
Old 14th Jan 2010, 03:41   #14
ZERO <ibis>
Supermodder
 
ZERO <ibis>'s Avatar
 
Join Date: Feb 2005
Location: Atlanta
Posts: 446
ZERO <ibis> has yet to learn the way of the DremelZERO <ibis> has yet to learn the way of the Dremel
The important thing to take away from this is that it worked only if a user entered sensitive data into the application. It is the consumers responsibility to ensure that the places they enter sensitive data into are secure. Worst case Google adds a warning reminding users to preform their own independent check on an application to ensure that the information they use on that app is secure.
__________________
965 @ 4.26GHz-P6T DELUXE-GTX 280@750&1307-DDR3 Triple Channel@1001 MHz-RAID 0 Cheta 15.6k SAS-All Water cooled
IBIS GAMING
ZERO <ibis> is offline   Reply With Quote
Old 14th Jan 2010, 08:09   #15
leveller
Yeti Sports 2 - 2011 Champion!
 
Join Date: Dec 2009
Posts: 1,107
leveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremelleveller has yet to learn the way of the Dremel
This wasn't the only bad app, Google are having to step in to clear up the Android store.
leveller is offline   Reply With Quote
Old 14th Jan 2010, 09:55   #16
eddtox
Homo Interneticus
 
Join Date: Jan 2006
Location: Maidstone, Kent
Posts: 1,296
eddtox has yet to learn the way of the Dremeleddtox has yet to learn the way of the Dremel
Google can't be expected to ensure that other developers' applications are safe, just like Ms can't be held accountable for Windows malware. History shows us that lowering the barrier to entry for developers helps make platforms more successful. History also shows us that the more successful a platform is, the more likely it is that it will be attacked. The alternative is going the apple route and filtering every single app, but in the long run that doesn't seem to work as well because it becomes more difficult/risky for developers to take up the platform. In the words of a (in)famous CEO , "Developers developers developers" etc.
eddtox is offline   Reply With Quote
Reply

Tags
delivery vector

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 23:13.
Powered by: vBulletin Version 3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.