Security

Mobile Spyware Conferences Into Your Calls 105

wiredmikey writes "Reports of multiple variants of the Android virus 'Hong Tou Tou' are showing up; it has mainly been working its way onto smartphones via alternative app marketplaces. Today, we saw reports of a new variant of spyware 'Spy.Felxispy' targeting Symbian devices, identified by the National Computer Virus Emergency Response Centre of China. More than a dozen variants of the spyware have emerged since the first was spotted, and the latest has affected 150,000+ devices. Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation."

  • Pray tell. How does this virus propagate?
    • by v1 ( 525388 )

      There was an article recently about malware being highly prevalent in wallpaper packs. Malware authors would download the packs, jimmy their spyware payload into the installer, and repost it somewhere else, sometimes under the same name.

      One of the disadvantages of an unlocked system: you are now placing the user primarily in charge of the security of the system. That's very hard to get right.

      • But I ask the same I asked in the last Android trojan discussion here:

        - On Android the app was installed from a bogus marketplace, so if I do not change this default Android restriction (you are not able to install apps from outside the official marketplace without explicitly changing configuration, with a beautiful warning), how is this a problem to a "normal" (maybe security conscious) user? When you give a certain degree of freedom in a device, incautious users are able to do these things even after several warni

        • It's a problem because your call is being listened in on by spyware on the phone of the non-security conscious user you just called?
          • You are correct.

            Then it's the same as what happens with email. Only one email fellow with a trojan makes you receive a lot of spam.

            It's time to educate people you talk to the same way you try when you are talking with email fellows.

            I understand what you say, but installing an app out of official Marketplace cannot be seen as an accidental trojan infection (at least in my personal experience), you have to disable a couple of settings to be able to do so in a stock phone, so when someone does this it really wants

      • by JamesP ( 688957 )

        Yes

        And if you allow a 'wallpaper pack' permission to access the network, really?!

        Ok, scratch that, if you download a 'wallpaper pack' instead of picking photos on flickr you deserve it

      • I'm getting an Android! Finally, I can get a 3-way going during phone sex :-)
    • Pray tell. How does this virus propagate?

      Spyware not virus. From article, "the cybercriminals usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click."

      • Nice to see you RTFA, but apparently you missed the title:

        Multiple Variants of Android Virus 'Hong Tou Tou' Surface in China

        • by Anonymous Coward

          Nice to see you RTFA, but apparently you missed the title:

          Multiple Variants of Android Virus 'Hong Tou Tou' Surface in China

          Viruses technically need to be capable of self replication according to the dictionary definition. The term 'virus' is now being used more generically to refer to any kind of nasty computer program, but I do see the parent's point.

    • I know most /.ers don't RTFA, but not even reading the OP.....wow. Sorry, that's probably uncalled for. Anyways, it is being "spread" by people downloading it from alternative app marketplaces.
      • Re:Virus? (Score:5, Insightful)

        by ErroneousBee ( 611028 ) <neil:neilhancock...co...uk> on Wednesday February 23, 2011 @12:17PM (#35291446) Homepage

        I know most /.ers don't RTFA

        I was just leading readers along a path that ends with questioning the alarmist nature of the SecurityWeek article.

        It's not a virus, it doesn't propagate itself. You only get this Trojan by going to an unsecured website (a Chinese one at that) and downloading it from there.

        In other news, iPhones are dangerous when eaten.

        • Same could be said about HIV. You only get the virus through your own actions. Such is the meaning of the A in AIDS. Acquired means that you have to do something active to get it. It doesn't just get passed around in the air. Does the fact that something doesn't replicate without human intervention make it not a virus? The wallpaper file itself is not a virus, but the whole infrastructure set up around the file enticing people to download and install the file, could indeed be characterized as a viru
          • We're talking about computer viruses, which are distinct from worms or trojans; all of them fall under the collective umbrella of the term "malicious software". Wikipedia probably has more info.

          • You only get the virus through your own actions.

            Haemophiliacs, rape victims, children of HIV positive mothers.

            The defining characteristic of a virus is that it makes copies of itself and broadcasts them around to hopefully contact and infect the next host.

            The defining characteristic of a Trojan Horse is that it presents itself as a benign object and waits for an unwary administrator to install it within a defensive perimeter.

            An EXE is not a virus if it does not attempt to broadcast itself to the next host.

          • by Kosi ( 589267 )

            Same could be said about HIV. You only get the virus through your own actions.

            Do you consider getting stabbed by a junkie with an infected needle, or receiving an infected blood conserve (like it happened to a friend of my father) really "your own" actions? Or getting born with it (400,000 kids just in Africa in 2009, source: Wikipedia article about BornHIVFree)?

            • In modernized countries, these problems are completely insignificant for spreading HIV. I'll grant that it's more likely than death by meteorite.

              • by Kosi ( 589267 )

                Yeah, I know, most common is willingly unprotected sex and sharing of drug tools.

                Oh, and just like a computer virus may use OS routines to propagate itself, HIV uses our ejaculation routine. Propagating itself is not meant as doing that entirely on its own. One more example is airborne infection, which usually requires the host to be breathing.

    • I agree that this sounds more like a trojan.

      Maybe "BD.HongTouTou.A" and "BD.HongTouTou.B" propagate within a server hosting the app market place by infecting the android packages being distributed. A mother virus called "BD.HongTouTou" that injects its payload of "BD.HongTouTou.A" or "BD.HongTouTou.B" into android packages. I find this unlikely.

      This should serve as an example of why you should be wary of what app marketplace you use.

    • by gl4ss ( 559668 )

      you install it. that's how mobile malware has worked for the past 10 years. it's just that some android marketplaces have no upload checks of any kind.

      i'm baffled by the summary a bit though, as there is no mention of the obvious problems with conferencing the calls of 150 000+ people and the problem of being tracked down.

  • by grub ( 11606 )

    Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.
    • by tepples ( 727027 )

      Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.

      Which doesn't mean it isn't happening. At least with Android, when you install an application from Market, AppsLib, or APK, it tells you what privileges the application wants.

      • Unfortunately Android still doesn't have BlackBerry's feature: allow or deny individual privileges (or prompt on each request).

        So if you have an online game that wants network access and for some reason, access to your contact list, on BlackBerries you can say "Ok for network, deny for contact list", and the application gets an AcccesDeniedException when it tries to open the contact list.

        And all that from "outdated" technology!

        • by sockman ( 133264 )

          I would love to see that on Android, but they would have a problem with people denying full internet access when the app is ad-supported. So they would need to separate the channel for ads and other internet access.

          • by jdgeorge ( 18767 )

            Agreed. The solution should be "if access to ad network is denied by client, exit app gracefully."

            • what happens when you have no network access?

              There are thousands of square miles of NY State (home of 22 million people) that at best can get voice cellular service. Regions with million dollar homes and property values of 100k an acre, and the best cell coverage they get is phone calls if you're lucky. It doesn't matter: Verizon, AT&T, they all suck the same in those areas.

              If the app when there is no ad network then huge sections of the USA won't be able to run the app.

              • what happens when you have no network access?

                The same thing apps do when running on an iPod touch or Archos 43: show cached advertisements downloaded when the app last synchronized data to "the cloud". This makes them not clickable, but TV ads aren't clickable either.

              • I suspect that with the above system, there would be a different exception thrown for "no TCP/IP network access available" vs. "app is denied access to TCP/IP stack".

      • by node 3 ( 115640 )

        Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.

        Which doesn't mean it isn't happening. At least with Android, when you install an application from Market, AppsLib, or APK, it tells you what privileges the application wants.

        Actually, it does mean exactly this, that it isn't happening. iOS apps *can't* secretly force you into conference calls. Also, are you saying this app asked for "permission to secretly initiate conference calls"?

        The fact is, we *know* about these things happening on Android. They seem to crop up more than once a month. It's technically *possible* there's something similar happening on iOS, but it's irrational to assume this, because there is absolutely no evidence whatsoever of anything like this happening

    • Hee hee... They're just better at covering their tracks :-)... or... Apple does the spying for them. One thing is certain, smart phone, dumb phone, your call isn't private.

    • Re:Well... (Score:4, Insightful)

      by slashgrim ( 1247284 ) on Wednesday February 23, 2011 @12:06PM (#35291332) Journal

      Say what you will about Apple's "walled garden" but I don't hear of such things on their AppStore.

      It happens just by businesses rather than "cybercriminals" http://www.readwriteweb.com/archives/dear_iphone_users_your_apps_are_spying_on_you.php [readwriteweb.com] And of course all platforms have had some sort of remote exploit http://news.cnet.com/8301-27080_3-10299378-245.html [cnet.com] Conclusion: "walled gardens" for apps just provide a feeling of security, while giving up the user-freedom of installing any app. Personally I prefer the freedom and am (so far) very happy with the homebrew community support offered by Palm (and now HP) http://www.precentral.net/hp-donates-server-homebrew-webos-internals-group [precentral.net]

      • Wait...someone bought a Palm?!?!?!?!?
        • by Amouth ( 879122 )

          i have a co-worker who is on his 4th palm pre.. he got it because they were offering free tethering if you got one.. but the damn thing keeps dying on him.

          it isn't that bad of a device.. but by god is it lacking in some of the more basic user interface bits.

        • The Pre has the best user interface and it's the most hacker-friendly phone as well. But why would anyone on Slashdot be interested in that?

    • It isn't happening on Google controlled Android market either. /shrug

      Let's just be thankful it's a virus that spreads due to user carelessness and not one that spreads via a weakness in Android's security.

      The latter one is going to be a bitch to patch with Android's "unreliable" updating on various phones.

    • Don't hear such things from the Android Market either. But root your iPhone and start trolling bittorrent for a pack of 3000 pirate apps and you'll likely pick up the same viral crap there.

      What I say about the walled garden is that the stupidly tight controls do not provide sufficient benefits. Simple quality control such as *this is virus* or *this is not virus* of the Android Market provide exactly the same benefits without having to turn over your soul to the will of Evil Genius Jobs. That and the bo
    • Coming Next, Symantec for Android! Soon in addition to IT departments, we'll be hiring people to keep people's phones running - removing viruses, unbricking phones after updates kill them. The mind boggles at this new growth industry.
  • My conversations are so boring that I sometimes don't even pay attention myself

  • I hate to say it (Score:4, Interesting)

    by drhamad ( 868567 ) on Wednesday February 23, 2011 @11:47AM (#35291152)
    Was Steve Jobs right? Is a single, restrictive & tested, marketplace the way to go?
    • No
    • by Haedrian ( 1676506 ) on Wednesday February 23, 2011 @11:54AM (#35291238)

      Nope.

      Non-techy users can still use Android marketplace. If you believe yourself to be a tech user and want to try something else, you can feel free to do so. But it's your risk.

      Also there are tons of other reasons why a closed up marketplace sucks. If you don't want to pay the 30% to Apple and sell the product from your own website - tough luck! Amazon is planning their own app store - they can't do it with Apple.

      • by JamesP ( 688957 )

        If you really want to sell, the 30% is going to be paid by the user, not you...

        Besides, ok, suppose you want to deal with everything: set up servers, CC processing, billing, etc, etc you'll start to think the 30% is a good deal

        Been there, done that, etc

      • How, exactly, do you tell if what you're downloading is infected with a trojan such as this? Permissions list is nice, but doesn't tell the whole story. Who inspects the packages being uploaded to the unsavory store you're about to download from? I'm certain you don't inspect the contents of every app you're downloading.

        I know plenty of people who download crap because "it is free", from all sorts of places who get infected by all the crap that is out there. I usually tell them "it's not free", that it costs

      • by tlhIngan ( 30335 ) <slashdot&worf,net> on Wednesday February 23, 2011 @12:42PM (#35291684)

        Non-techy users can still use Android marketplace. If you believe yourself to be a tech user and want to try something else, you can feel free to do so. But it's your risk.

        Actually, non-techies can use alternative marketplaces as well, just as non-techies can jailbreak their iPhones and even use ssh.

        Technology skill level is not a factor - if all you have to do is follow a bunch of steps to get what you want (free apps, free pr0n, whatever), you'll find the number of people who do it suddenly rise.

        Why do you think a lot of jailbroken iPhones have default passwords set? The people jailbreaking them just followed instructions of "Download program X, run this, click that, click that, then wait 10 minutes. When you're done, reboot your phone, tap this icon, tap this thing, type this, tap that, blah blah blah". And before you know it, they've installed openssh, ssh'd into their phone and done a bunch of things, to get whatever they needed, but also left their phone vulnerable.

        Androids are no different. They may tell their friends that they got some new cool Android phone, and their friend tells them "hey, follow this link, it'll tell you how to get some great apps for free", and they'll just blindly follow the instructions.

        It's even why all those people dismissing those trojans and botnets infecting Chinese alternative marketplaces as irrelevant are wrong. If those Chinese marketplaces are offering stuff people want (free apps - why pay for them?), you'll find people will do it. Even if you warn them "Don't ever use this app" or "that site contains nothing but viruses", you'll find them accessing it if some web page tells them to.

        Anyone who's had to clean up their parents' PC or their kid's PC for the Nth time already knows this, and it seems if you put a block up, they'd find a way around it. (Not unlike the behavior of tech savvy people when they encounter a block). Sure they won't ask you why they can't access their favorite virus-installing pr0n site anymore, they'll ask their friends who'll give them a bunch of proxy servers and crap.

        There is no solution, either - it's fundamentally a social problem. People jailbreak because they see some cool app not in the App Store. People install alternative marketplaces to get that 99 cent app for free.

        No technological hurdle is too high if you have someone wanting something, and someone providing that thing they want. As long as someone somewhere has written a set of steps on how to do it, it will happen.

        Even more annoying is these people will follow those steps to the letter while your steps and instructions are ignored.

        • I'll agree with your assessment with my experiences with repairing people's malware infested PCs. Some 90% of the time I'll find limewire on these computers and can trace the viruses' origin to some song the user tried to download for free. It's astounding how many people ruin their computers - that cost a few hundred dollars - trying to save a few dollars by downloading a few songs for free.
          • I've yet to see any computing device--mobile, laptop, etc. "ruined" by downloading a song. The OS trashed, yes. But never seen one actually permanently disabled.

            I've found that most of the people who download malware/virii on a regular basis are now quite adept at popping a Windows disk in the optical drive and "Pressing any key to boot from CD/DVD...", probably because they saw me do it so many times to the tune of $40 and some beer that they actually learned something.

            Besides, reinstalling your OS
            • Of course it isn't ruined for one with sufficient technical skills, but for the average user, it is unless they want to pay someone else to fix it. And some techs are better at removing all of the viruses than others. Also, there is the matter of the user's personal data and apps.
    • Was Steve Jobs right? Is a single, restrictive & tested, marketplace the way to go?

      No. Malware can get into a single market just by businesses rather than "cybercriminals" http://www.readwriteweb.com/archives/dear_iphone_users_your_apps_are_spying_on_you.php [readwriteweb.com] And of course all platforms have had some sort of remote exploit http://news.cnet.com/8301-27080_3-10299378-245.html [cnet.com] Conclusion: a "single, restrictive & tested, marketplace" just provides a feeling of security, while giving up the user-freedom of installing any app. I prefer the freedom and am (so fa

    • by Reapman ( 740286 )

      As others have already said.. No. This involves using a 3rd party (non official) market, which requires you to set your phone to enable 3rd party downloads. You have to go through hoops to make this happen. It's possible that phones out there in China come like this, however it's quite possible your HiPhone4 isn't really an iPhone too...

      I'm not aware of this happening on the official Android market, and in fact would be rather difficult. These guys are taking Market apps and repackaging them with the sp

    • Quality control != psycho restrictive walled garden.

      The Android Market isn't anywhere remotely near the perfect walled garden of happiness and friendship as the App Store, yet I don't hear of viruses or trojans propagating through it either. In fact the review / moderation system quickly weeds the chalk from the cheese, and all without some magical checklist that may or may not allow an app to pass on any given day.
  • And this would be reason number 7329 to _not_ use alternative app markets, especially if they're hosted in China. The ability to install unauthorized apps is great, but that ability should only be used if you can download the apk file directly from someone you have reason to trust. I've done that a couple times and not had any problem.

    This may change slightly once Amazon and others start putting up their own app stores with their own authorization process, but that's entirely different from installing som
  • Could the PRC government be complicit in this? I mean, this only exists in Chinese third party app markets, right? It seems to me that, one, dissidents in China would be more likely to use app markets like that and, two, what state security apparatus like that in the PRC wouldn't drool and fall all over itself with an easy way to monitor cell calls within the state? Especially considering the PLA and government security/intelligence services actually employ uniformed hackers, and have many more in univer
    • by swb ( 14022 )

      I'd just delete PRC and call it "government complicity".

      That something like this shows up in the PRC makes it easy to assume that CPC/PLA were involved, but how do we know some other country isn't doing what you might call "target area testing" with their own software that's designed to be deployed in the PRC or even elsewhere?

      My sense is that PRC economy, especially the digital side of it, is probably "open" enough to allow other intelligence communities to operate with relative freedom. And if something

  • Build teleconference virus to call 1-900 number that charges $$$ per minute

    Deploy to 150,000 devices

    ...

    PROFIT!!

    In communist China, expensive phone number calls you.

  • Comment removed based on user account deletion
    • That or someone is looking for some particular piece of information, the target has a Symbian phone, and they have the resources to burn through the mass of target data (or the software on the compromised host does it for them.)

  • But... why? (Score:5, Insightful)

    by EasyTarget ( 43516 ) on Wednesday February 23, 2011 @12:07PM (#35291342) Journal

    When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.

    To what end? Does it record the call and then transfer the audio somewhere? or is there a whole army of hackers waiting to 'listen in' on the calls as they get conferenced to some central numbers. Oh, and what are these numbers and has anybody tried calling them?

    Or does it just add costs to your call by turning it into a conference call? If so does one particular Telco benefit?

    • by Dunbal ( 464142 ) *
      Or perhaps speech recognition software has advanced to the point where files can be scanned for words like "my credit card number is"...
  • welcome our new everything-is-my-business virus overlords.
  • ...or its walled-garden app store that protects your snowflakes from the evil world.
  • by future assassin ( 639396 ) on Wednesday February 23, 2011 @12:38PM (#35291642)

    Can someone explain to me why manufacturers of software are not liable for leaving gaping security holes in software they release and it's always turned towards the user. Oh the user shouldn't have done this, that and the other (yes people are stupid for downloading from unofficial sources) but the system shouldn't be so exploitable from the beginning.

    No one learned from Windows all these years? What, too hard to create secure system? I guess it's more important to give the consumer a new shiny every 6 months than actually create a secure system that runs on the shiny new thing.

    • by stjobe ( 78285 )

      We tried making the systems idiot-proof, but people kept coming up with better idiots...

    • What people have learned from Windows after all these years is that in general, US consumers would rather replace their electronics than reflash or reformat when they become compromised or otherwise less functional. Building a system with bulletproof security is actually counterproductive in the consumer market, since it would reduce how often a user purchases (or repurchases) the next big thing.

      On the other hand, the secure system mindset works fine for corporate software development. They just have to ch
    • They are not liable because you waive the right to hold them responsible for damages when you agree to the EULA or TOS.
      Security hasn't significantly improved during the history of personal computing because the average user wants features, not security. Did you choose your operating system based solely on security, compatibility with applications, or compatibility with the hardware you desired to purchase?
    • by gl4ss ( 559668 )

      buy a symbian phone with symbian signed problems.

      it's not hard to create a secure system, it's just hard to create a secure system and allow it to do things too.

  • In The Execution Channel [amazon.com], Ken MacLeod imagines a camera firmware that can recognize when 'pain or suffering' is being filmed and automatically transmits it to a pirate TV. It's not that far off when your average virus now listens to your calls...
  • Homeland Security is at it again, eh? Now they wanna conference in on every mobile call as it happens, so they can listen in real-time for those Seven Words (or something)?

  • It's better that you give up a few freedoms in the name of security so that you can get what you deserve..

  • How have people discovered this on their device? How have they removed it? Does any current AV on the main android market protect against or even detect these? I'm thinking of AVG, or is that no longer a reliable AV, I've personally not used AVG for a year or two.

    Most comments here are worried about what exactly this one virus does. I'd think as IT types the focus should be what can be done about it. (Let's assume that we will be exposed to it.) How do we prevent negative results from that exposure?

  • According to NetQin, the cybercriminals usually install the spyware on the phone by sending an MMS containing the spyware to users to lure them to click.

    In other words, moronic end users who click on anything are susceptible to exploits. News at 11. I'll start worrying the day they are actually able to produce zero user intervention Symbian malware, right now, in 2011.
