Forgot your password?
typodupeerror
Open Source Security News

Soundminder Android Trojan Hears Credit Cards 164

Posted by CmdrTaco
from the i-heard-that dept.
Blacklaw writes "A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application's creator. Once installed, Soundminder sits in the background and waits for a call to be placed — hence the access to the 'Phone calls' category. When triggered by a call, the application listens out for the user entering credit card information or a PIN and silently records the information, performing the necessary analysis to turn it from a sound recording into a number."
This discussion has been archived. No new comments can be posted.

Soundminder Android Trojan Hears Credit Cards

Comments Filter:
  • But hey (Score:2, Insightful)

    by Pojut (1027544) on Thursday January 20, 2011 @10:59AM (#34940302) Homepage

    It's Linux-based, so naturally it's secure! /sarcasm

    Note: I have a Droid Eris running Nonsensikal 15.2...so I'm certainly no Android hater.

  • by joebok (457904) on Thursday January 20, 2011 @11:29AM (#34940682) Homepage Journal

    Article and summary say "typed or spoken" - so it is not simply looking for a sequence of tones - which broadens the impact significantly even from official over-the-phone payment systems.

    Still, the fact that CC companies have to eat fraudulent transactions over $50 means that even if this were in the wild, it probably would not have major impact. CC companies are pretty good at detecting fraud. Debit cards/banks, however, are not held to the same standard - highly recommend never, ever, using a debit card under any circumstances regardless of this kind of exploit.

  • Re:But hey (Score:3, Insightful)

    by trollertron3000 (1940942) on Thursday January 20, 2011 @01:01PM (#34942048)

    In fairness to Linux, it still requires a moron somewhere in the equation to accomplish this feat.

  • by ColdWetDog (752185) on Thursday January 20, 2011 @01:45PM (#34942628) Homepage

    If we can teach people to steer a heavy metal vehicle down a highway at speed we can certainly teach them to understand how software trust works.

    We're doomed.

  • by TheRaven64 (641858) on Thursday January 20, 2011 @01:47PM (#34942656) Journal

    I'm pretty sure everyone likely to read your post already knew that. I have my credit card set up to be paid by direct debit automatically, so 14 days after the end of the billing period (i.e. before they would start charging interest) they take the money. Because it's Direct Debit, it's covered by the Direct Debit guarantee, so my bank can reverse it for me easily. They send me an email each month to remind me to check the bill online (they don't send paper ones).

    In effect, I have something that functions like a debit card, but for which I get 1% back and between 14 and 45 days of interest-free loan on every purchase. Since I have an offset mortgage, the money on every purchase I make on my credit card sits in my current account for 14-45 days after I've spent it, reducing the interest that I pay on my mortgage (this saves less than the price of a pint of beer each month, but it's still nice to have for no effort).

Work without a vision is slavery, Vision without work is a pipe dream, But vision with work is the hope of the world.

Working...