{"id":2311,"date":"2010-03-13T16:55:49","date_gmt":"2010-03-13T21:55:49","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=2311"},"modified":"2022-12-30T12:45:24","modified_gmt":"2022-12-30T17:45:24","slug":"mobile-botnet","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/mobile-botnet\/","title":{"rendered":"Mobile Botnet"},"content":{"rendered":"

\"Mobile<\/a>Two researchers from TippingPoint’s<\/a> Digital Vaccine Group<\/a> duped thousands of smartphone users into joining a mobile botnet by spreading a seemingly innocuous weather application. Kelly Jackson Higgins at DarkReading<\/a><\/em> writes<\/a> that Derek Brown and Daniel Tijerina created a smartphone application called WeatherFist. Over 8,000 users downloaded WeatherFist, which grabbed users’ PII. The info they grabbed included GPS coordinates and telephone numbers, before displaying local weather information.<\/p>\n

\"TippingPoint\"<\/a>The researchers did not distribute their application via the official iPhone and Android application stores. Rather, they distributed the WeatherFist application via third-party app markets like Cydia<\/a>, SlideME<\/a>, and Modmyi<\/a>. The apps could only be installed on jailbroken iPhones<\/a> or Android<\/a> devices where users had specifically given permission for non-approved applications to be run. “We wanted people to feel comfortable using the application and putting it on their phone so we would have permission to do a lot of things like pass GPS coordinates, write to the file system, and surf,<\/em>” Brown told DarkReading<\/em>.<\/p>\n

Mobile Botnet<\/h3>\n

At the 2010 RSA Security Conference the researchers claimed they also wrote a malicious version of their mobile botnet, which they dubbed WeatherFistBadMonkey. According to DarkReading,<\/em>\u00a0the malicious app behaves more like traditional botnet code, stealing information and capable of distributing spam. “We could enable or disable system services [with a malicious app],<\/em>” Brown says. The TippingPoint researchers told DarkReading<\/em> they wanted to prove how an app could behave like much of the traditional Windows malware which, steals information, and allows hackers to gain remote control of hijacked devices.<\/p>\n

rb-<\/em><\/strong><\/p>\n

Smartphones are a part of today\u2019s network and Brown and Tijerina claim that this research shows a security hole in networks. Some of the ways to plug these new holes are to:<\/em><\/p>\n

    \n
  1. Update policies for the\u00a0 proper use of smartphones
    \n<\/em><\/li>\n
  2. Prohibit unsafe modifications of smartphones<\/em><\/li>\n
  3. Allow apps only from reputable app stores
    \n<\/em><\/li>\n
  4. Provide training on smartphone application usage<\/em><\/li>\n
  5. Lockdown the Wi-Fi network settings to keep smartphones from \u2018phoning home\u2019 any information that shouldn\u2019t leave the firm.<\/em><\/li>\n<\/ol>\n

     <\/p>\n

    Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn<\/a>,\u00a0Facebook<\/a>,\u00a0and\u00a0Twitter<\/a>. Email the Bach Seat\u00a0here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

    iPhone and Android smartphone users are tricked into into joining a mobile botnet by downloading a seemingly innocuous weather application.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3240,420,202,101,58,536,92,304,2534,4,129],"class_list":["post-2311","post","type-post","status-publish","format-standard","hentry","category-security","tag-3240","tag-aapl","tag-android","tag-apple","tag-botnet","tag-goog","tag-google","tag-iphone","tag-jailbreak","tag-security","tag-smartphone"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/2311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=2311"}],"version-history":[{"count":15,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/2311\/revisions"}],"predecessor-version":[{"id":132757,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/2311\/revisions\/132757"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=2311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=2311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=2311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}