That malware with its own backdoor into Android’s framework? Don’t worry Google’s on it. (Gulp!)

That malware with its own backdoor into Android’s framework? Don’t worry Google’s on it. (Gulp!)


Google last week (June 6) confirmed that cyberthieves had managed to pre-install malware into the Android framework backdoor. In short, the malware appeared to be blessed by Google at the deepest point within Android.

“In the Google Play app context, installation meant that [the malware] didn’t have to turn on installation from unknown sources and all app installs looked like they were from Google Play,” wrote Lukasz Siewierski, of the Android security and privacy team, in a blog post. “The apps were downloaded from the C&C server and the communication with the C&C was encrypted using the same custom encryption routine using double XOR and zip. The downloaded and installed apps used the package names of unpopular apps available on Google Play. They didn’t have any relation to the apps on Google Play apart from the same package name.”

Enterprise CISOs and CSOs, along with CIOs, are discovering that trusting the major mobile operating system companies today — Apple and Google — to handle their end of security protections is foolhardy. Due to the nature of the Apple ecosystem (a total of one handset maker, which allows for a much more closed system), iOS is slightly more secure, but only slightly.

Still, Google’s new admission certainly makes Apple look a little better in the security area. The issue isn’t with the operating systems per se — both iOS and Android have reasonably secure code. It’s with apps offered to enterprises and consumers through the officially sanctioned app depositories. Enterprise security pros already know that neither Apple nor Google does a heck of a lot to validate the security of the apps. At best, both are checking for policy and copyright issues far more than the presence of malware.

But that’s dealing with true third-party apps. Apps coming directly from Apple and Google can be trusted — or so was thought until Google’s disclosure.

The incident that Google admitted happened some two years ago, and the blog post didn’t say why Google didn’t announce it at the time, or why it chose to now. It might be that Google wanted to make sure it had sufficiently closed this hole before announcing it, but two years is an awfully long time to know about this serious a hole and be silent about it.

So what actually happened? Google gets points for publishing lots of details. The background to Google’s story begins a year earlier than this — so, three years ago —  with a series of spam ad-displaying apps called Triada.

“The main purpose of Triada apps was to install spam apps on a device that displays ads,” Siewierski wrote. “The creators of Triada collected revenue from the ads displayed by the spam apps. The methods Triada used were complex and unusual for these types of apps. Triada apps started as rooting trojans, but as Google Play Protect strengthened defenses against rooting exploits, Triada apps were forced to adapt, progressing to a system image backdoor.”



Source …

Related Post

Share this page...
CBDPet CBD Hemp Oil Extract Dietary Supplement

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.