Mobile
11/29/2013
08:06 AM
Connect Directly
RSS
E-Mail
100%
0%

Android Security: 8 Signs Hackers Own Your Smartphone

Security experts share tips on how to tell if attackers are in control of your Android smartphone.
Previous
1 of 8
Next

Searching for signs of Android infection

Image (derived) courtesy of Flickr user .RGB..
Image (derived) courtesy of Flickr user .RGB..

How can you tell if your Android smartphone or tablet been pwned?

That was the question recently posed by one InformationWeek reader, who suspected that her phone had been compromised by attackers. "I've only owned my Droid phone for two months and had a Trojan horse panic attack, and wiped my phone," she said via email.

Can you tell by observation alone if your Android device has been infected with malware? On Windows PCs, for example, some types of infections leave no signs at all. Conversely, some virus, malware, and Trojan infections -- as well as adware and spyware -- may slow systems to a crawl, begin redirecting browsers to arbitrary websites or search engines, trigger pop-up ads, block access to information security websites, disable security software, alter the user interface, or email everyone in your address book, leading to a flurry of outraged emails, bounce-backs, and warnings from recipients. 

As with some Windows infections, some types of Android malware might sport telltale signs of infection. For example, the reader -- who asked not to be named -- said she became concerned when a text message preview appeared on her lock screen, then mysteriously disappeared and couldn't be found. Perhaps not coincidentally, she'd also recently installed an app -- but not from the official Google Play store.

"What happened was I downloaded an app from a non-Play store site -- against my better judgment. Then not too long after I was looking at some article about security issues, and I had something really bizarro happen," she said. "A text notification with a partial preview flashed in my notifications bar and then vanished -- from a number not in my contacts. ... I went into my text messages app to try and read the full message, and it wasn't there. At that point I panicked and was convinced my phone must be hijacked -- even though nothing else seemed amiss -- and just wiped it." 

But was her phone infected? And if it was, how might other Android users spot a malware attack? Recent versions of the Android operating system, as well as mobile antivirus software, can help spot and block malware-infection attempts. But neither approach is infallible. So no matter which security tools you might be using, be sure also watch for the following telltale warning signs:

 

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
shakeeb
100%
0%
shakeeb,
User Rank: Apprentice
11/30/2013 | 12:36:39 PM
Re: You Can't Fix Stupid
Furthermore as an additional feature, appropriate protocols are used to protect sensitive data at the network level.
shakeeb
0%
100%
shakeeb,
User Rank: Apprentice
11/30/2013 | 12:29:00 PM
Re: You Can't Fix Stupid
Great article. However as per the reading I have done, security features are built into the operating system itself to reduce the frequency and impact of security issues.
elysian
50%
50%
elysian,
User Rank: Apprentice
11/30/2013 | 8:31:57 AM
You Don't Jailbreak Android: You ROOT It.
Jailbreak is for iOS.
J_Brandt
50%
50%
J_Brandt,
User Rank: Apprentice
11/29/2013 | 3:12:51 PM
You Can't Fix Stupid
Some great tips.  Sadly many of the people I know who download apps on a whim, who don't bother to read the service agreements, would not have the gumption or ability to dig deep to find any patterns or issues.  To quote Ron White, "you can't fix stupid."  They might notice the battery drain :)
IamWayne
67%
33%
IamWayne,
User Rank: Apprentice
11/29/2013 | 9:54:44 AM
MISCONCEPTION
Some of this is good information. However, the part about as you call it "jailbreaking", in Android it's called rooting. That does NOT make your phone vulnerable. That is a LIE that has been perpetrated by those in the media who do not have a clue. There are many advantages over rooting your Android phone as apposed to leave the malicious mobile carrier bloatware on it. Please research your articles and stop mis-leading the public with misconceptions.
Laurianne
33%
67%
Laurianne,
User Rank: Apprentice
11/29/2013 | 9:19:36 AM
Smart Android tips
Great tips on Android pawnage, Mat. Anyone want to share your earliest clue your Android was in hacker hands?
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4734
Published: 2014-07-21
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVE-2014-4960
Published: 2014-07-21
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVE-2014-5016
Published: 2014-07-21
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to appl...

CVE-2014-5017
Published: 2014-07-21
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter...

CVE-2014-5018
Published: 2014-07-21
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.