Mobile
11/29/2013
08:06 AM
Connect Directly
RSS
E-Mail
100%
0%

Android Security: 8 Signs Hackers Own Your Smartphone

Security experts share tips on how to tell if attackers are in control of your Android smartphone.
Previous
1 of 8
Next

Searching for signs of Android infection

Image (derived) courtesy of Flickr user .RGB..
Image (derived) courtesy of Flickr user .RGB..

How can you tell if your Android smartphone or tablet been pwned?

That was the question recently posed by one InformationWeek reader, who suspected that her phone had been compromised by attackers. "I've only owned my Droid phone for two months and had a Trojan horse panic attack, and wiped my phone," she said via email.

Can you tell by observation alone if your Android device has been infected with malware? On Windows PCs, for example, some types of infections leave no signs at all. Conversely, some virus, malware, and Trojan infections -- as well as adware and spyware -- may slow systems to a crawl, begin redirecting browsers to arbitrary websites or search engines, trigger pop-up ads, block access to information security websites, disable security software, alter the user interface, or email everyone in your address book, leading to a flurry of outraged emails, bounce-backs, and warnings from recipients. 

As with some Windows infections, some types of Android malware might sport telltale signs of infection. For example, the reader -- who asked not to be named -- said she became concerned when a text message preview appeared on her lock screen, then mysteriously disappeared and couldn't be found. Perhaps not coincidentally, she'd also recently installed an app -- but not from the official Google Play store.

"What happened was I downloaded an app from a non-Play store site -- against my better judgment. Then not too long after I was looking at some article about security issues, and I had something really bizarro happen," she said. "A text notification with a partial preview flashed in my notifications bar and then vanished -- from a number not in my contacts. ... I went into my text messages app to try and read the full message, and it wasn't there. At that point I panicked and was convinced my phone must be hijacked -- even though nothing else seemed amiss -- and just wiped it." 

But was her phone infected? And if it was, how might other Android users spot a malware attack? Recent versions of the Android operating system, as well as mobile antivirus software, can help spot and block malware-infection attempts. But neither approach is infallible. So no matter which security tools you might be using, be sure also watch for the following telltale warning signs:

 

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
mrhobbes
100%
0%
mrhobbes,
User Rank: Apprentice
7/9/2014 | 9:21:59 AM
Android Security needs to be increased
Nice article on Android Security, Mathew, Great work.

 

Android is more prone to malware impacts due to Google's loose developer agreement, you can check it on my blog post regarding the same topic http://goo.gl/LyLHse you can of course, give your opinion regarding the same.  If Google increases there security measure, then surely a lot of malware and PAU's can be avoided.
anon9673719294
50%
50%
anon9673719294,
User Rank: Apprentice
6/26/2014 | 2:37:51 AM
Interesting
I recently found a useful app in Amazon that not required any unnecessary permissions and store all your passwords - MyPasswords
pnally
50%
50%
pnally,
User Rank: Apprentice
12/12/2013 | 11:52:21 AM
I'm only seeing 7 "signs"
I'm only seeing 7 "signs" listed in the article...  Was it hacked?  ;)
anon6601743669
0%
100%
anon6601743669,
User Rank: Apprentice
12/11/2013 | 9:10:33 PM
Re: MISCONCEPTION
Jailbreaking is an iOS term because Apple keeps iSheep in jail as it where with the locking down of the OS.  Rooting on the Android side is from the Linux world, which basically means you gain root access of the OS.
WayneT637
50%
50%
WayneT637,
User Rank: Apprentice
12/10/2013 | 12:47:36 AM
The Benefits of Rooting-
The first benefit of accessing administrator privileges over Android is full control over the applications installed on your handset. No longer do you have to suffer from the cluttered app drawers and reduced memory space taken up by pre-installed carrier and manufacturer applications, you can instantly cut the bloatware and keep only the apps that you really want.

Even if you're up to date with Android 4.1 or above, which grants users the ability to disable these pre-installed apps if you don't want to see or use them, you can't permanently remove them, they're still there eating up your memory space. Rooting is the only way to permanently get rid of these pesky apps, but please don't uninstall something crucial or your handset may stop working properly. Apps like Titanium Backup are particularly helpful for organising and culling this bloatware.

 

This brings me nicely on to the next major benefit of Android, improved backup and restore options. As already mentioned, Titanium Backup is one of the most popular backup apps used by rooters, and this, or a similar app, is essential if you're going to start tinkering around with Android software. But as well as acting as a safety net in case you uninstall something important, Titanium Backup can also be used to backup your user data, from SMS messages to browser bookmarks.

ClockworkMod Recovery Backup Cropped
ClockworkMod Recovery offers superior protection against faulty updates and bricking your handset.
Even better still, once rooted you can create complete backups of your entire handset using the ClockworkMod Recovery option, providing you with extra protecting in case of a major malfunction. Recovery can only be accessed before booting into Android, but it provides additional backup options in case, for whatever reason, Android fails to boot properly or experiences a crippling error. This makes ClockworkMod Recovery an essential tool for those looking to install custom versions of Android.

Once you're fully backed up you're ready to move up to one of the other major perks of rooting, installing different versions of Android.

We all know that manufacturers are often pretty slow at delivering the latest Android offerings even to their flagship handsets, let alone aging devices. So if you're not a Nexus or Play Edition device owner, rooting opens the door to much faster Android updates, thanks to the developers who put time into porting the latest updates to various handsets.

Pretty much every semi-popular handset has a decent following of developers working on porting the latest versions of Android to their handsets, most of which can be found over on the XDA Forum. The only sacrifice here is that you won't receive official manufacturer versions of Android, so no updated Touchwizz or Sense5 features, but if we were really too worried about that we probably wouldn't be rooting in the first place.

 

If stock Android isn't your thing, there are also tons of other customized ROMs offering unique features and improvements to the default Android experience.

AOSP has given us so many custom ROM's, and has extended the lifespan of many an Android.
AOSP has given us so many custom ROM's, and has extended the lifespan of many an Android handset.
I'm sure you've all heard of the biggest names, CyanogenMod, Paranoid Android, MIUI to name just a few of the most popular ones. Many custom ROMs are actually at the forefront of innovation on Android, offering several features that aren't available anywhere else. Paranoid Android's Halo feature or OmniROM's multi-workspace mode are just a couple of examples.

But as well as these big third party developments, you'll also find a lot of smaller developers tweaking away at the core Android experience, offering ROMs with vastly superior battery life or overclocked processor speeds. Not to mention that most custom ROMs are updated to the latest version of Android very quickly too, bringing you the best of both worlds.

As rooting opens up administrator type privileges on your handset you'll instantly have access to all the core files on your handset. File browser apps can take full advantage of this, allowing you to move stuff around on your internal memory if so require.

App wise, we've already touched on Titanium Backup, but there are far more apps that can make use of root permissions, and simply aren't available with a non-rooted device. The speed junkies among you could take advantage of overclocking software to boost performance or save on battery life, providing that your Kernel supports overclocking. Alternatively, fans of custom ROMs can use a ROM manager to install and update their operating system without the need to flash zip files from Recovery.

Rooting is sometimes criticized for compromising handset security, but security apps, such as Cerberus, use root functions to bury themselves deep down into the operating system, making them hard for would be thieves to remove. These apps can also be granted permissions that aren't available on unrooted devices, such as access to GPS data even when the device is locked.

There's also additional gesture apps, data syncing software, and even theme managers to customize the look of your handset.
sjennison
50%
50%
sjennison,
User Rank: Apprentice
12/9/2013 | 8:19:59 PM
Re: MISCONCEPTION
Agreed. In fact, custom ROMs are generally more secure, due to constant updates(nightly, weekly, or monthly, depending on the developer). That is assuming, of course, your ROM dev is fast on their updates.

In fact, the major "master key" exploit, which is one of the biggest security holes, was patched by Cyanogenmod long before the vast majority of manufacturers got around to fixing it.

http://www.ubergizmo.com/2013/07/cyanogenmod-10-1-2-fixes-android-master-key-exploit/

Also, generally rooting allows you to do things like fix the security holes in the system. Rooting installs a root control app (Superuser/SuperSu, etc) that restricts access to only apps the user allows. While the device can still be comprimised using privledge escalation vulnerabilities just like any other device, rooting will not make your device insecure. The very fact that a device can be rooted using exploits means it is inheirently insecure due to those same exploits. A malicious piece of software could exploit them just as easily. Rooting doesn't change that, unless you go deeper and actually fix the hole (assuming you can). Hence where custom ROMs come in - when a vulnerability is found, they release patches in less than a month. The only other OEM who comes close to that speed is Google. Nearly every other manufacturer takes months if not years to push an update through to end users.
krishel67801
100%
0%
krishel67801,
User Rank: Apprentice
12/5/2013 | 2:47:00 PM
google aps
Google Play Store is malware in itself.  I have numerous aps that require play store services to be activated.  Play store then accesses your phone whenever it wants to.  Also play store will not allow aps that block advertising to be obtained thrrough them.  Another good reason for rooting your phone.  Take control away from google.
Aroper-VEC
50%
50%
Aroper-VEC,
User Rank: Apprentice
12/2/2013 | 10:31:04 PM
Re: MISCONCEPTION
Jailbreaking and rooting are synonymous. This is because of the nature of the action. Technically speaking, you use root access to jailbreak a device running iOS. It is only called "rooting" in Android because they want to be different than anything having to do with Apple but, the sum result is the same. When jailbreaking an iOS device in order to unlock the device and load a "clean" or alternate version of the OS and to get rid of bloatware you are doing the same thing in Android. The term is irrelevant since the process and the result are the same.
Lorna Garey
100%
0%
Lorna Garey,
User Rank: Ninja
12/2/2013 | 10:36:22 AM
Re: You Can't Fix Stupid
That's certainly true about stupid, and that some people download shady apps on a whim. However, legit apps ask for so many permissions now that I think the average user gets numb to it. I can see why a couponing app needs location data, but why does a game need to know if I'm at a mall?

App makers should stop with the "permissions bloat" -- that would be a big step toward helping people be more aware and selective. But given retailers' and vendors' hunger to collect more and more data, will that bloat reduction ever happen? Color me skeptical.
Mathew
100%
0%
Mathew,
User Rank: Apprentice
12/2/2013 | 5:45:57 AM
Re: MISCONCEPTION
Thanks for the terminology catch, IamWayne (brain freeze on my part); yes jailbreaking an Android is usually known as rooting it.

In terms of rooting your phone making it more vulnerable to attack, I respectfully disagree. Rooting your phone means that more apps will be able to run with root-level privileges. This increases the chance that your device can be compromised, or that a compromise will have more severe repurcussions. 

The caveat, of course, is that if you know what you're doing, then your risks likely decrease. Likewise, it's great to nuke the bloatware installed by carriers. But the takeaway is that if you don't know what you're doing, then you're probably better off not rooting your phone.

In terms of the risks of rooting being a lie "perpetrated by those in the media," as indicated in my piece, this analysis comes via Marc Rogers, principal security researcher for mobile security firm Lookout. His analysis, by the way, is not an outlier.
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.