Android users targeted in drive-by download attacks

isoMorphic · 2nd of May 2012 (Wed)

"Based on our current research, NotCompatible is a new Android trojan that appears to serve as a simple TCP relay/proxy while posing as a system update," the advisory stated. "This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy."

http://arstechnica.com/gadgets/news/...ad-attacks.ars

Tony-S · 3rd of May 2012 (Thu)

This is why iOS is closed.

bikeboynate · 3rd of May 2012 (Thu)

Note to self - Do not system update my cellphone anymore-

Thanks for the heads up.

isoMorphic · 3rd of May 2012 (Thu)

Quote:

Originally Posted by Tony-S

This is why iOS is closed.

I wont even get into the debate of open vs closed environments as it's pointless. But just so you are aware Windows is closed too. And half the underlaying software technologies that make devices work today stem from both closed and open software. You may not actually know this but both Apple and Windows like every other OS are actually based on Unix at the core. OSX is actually a BSD variant like Sun and FreeBSD that was built and expanded upon previously existing technology.

http://support.apple.com/kb/TA25632?viewlocale=en_US
http://en.wikipedia.org/wiki/Compari...rating_systems

And if you think Android is the only vulnerable OS just you wait and see what the future holds for iOS.

http://techfragments.com/news/982/So..._Messages.html

Luckless · 3rd of May 2012 (Thu)

Sadly, Windows is NOT a Unix like, and went on for ages lacking some of the most basic protections offered by a Unix like environment, and even today is still less secure by design. It was built up over the years to avoid paying to license a Unix like environment to build off of. (And it has been a very nice system to work with for the most part.)

Open or closed source, it doesn't matter. If I want to I can take apart a closed source program and look at what each and every command does. (This is how they can actually run on a computer, all those "zeros and ones" actually mean something.) Sure, it is a lot harder to read, is a lot slower, and generally a larger pain, but perfectly doable. Once I know how something works, I can break it. (On purpose. With computers and software it is extremely easy to 'break' things by accident as well.)

But the thing about an open source community? I'm not reliant on some company to get around to fixing some issue. I don't have to wait for some bean counter to decide that the company will save more money fixing the issue than settling the few lawsuits that come up or off set the losses in customer base because people lose faith in the product.

But flip the coin around and most major close sourced projects are backed by major finances and can afford to dedicate staff to fixing issues, rather than relying on a community of often part time volunteers to take a fancy to something and make it their pet project.

Open or Closed, they're all just as open to attack and errors, and there is no great difference in the greater scheme of things.

So really, iOS isn't closed and limited for your protection. It is closed and limited for the purpose of lining the coffers at Apple, to make their lives easier, and to limit what a competitor can do to take advantage of a wide range of decent projects.

Tony-S · 3rd of May 2012 (Thu)

Quote:

Originally Posted by isoMorphic

And if you think Android is the only vulnerable OS just you wait and see what the future holds for iOS.

I'm still waiting on it to happen to OS X. It's been 12 years and nothing major has occurred. Android, on the other hand, has had many attacks. iOS - none.

isoMorphic · 4th of May 2012 (Fri)

Quote:

Originally Posted by Tony-S

It's been 12 years and nothing major has occurred.

Tony-S · 4th of May 2012 (Fri)

Quote:

Originally Posted by isoMorphic

Maybe you have been safe for 12 years but that does not mean Mac systems have been immune for all those years. The problem is that Apple users are often the type who want to believe that magical unicorns are inside protecting computer.

No, we just go by the historical data. You can point to lots of potential issues, but the reality any given Mac has virtually no chance of having malware on it, particularly if you avoid unscrupulous web sites. They just don't spread. So...

Ho, hum.

Codda · 4th of May 2012 (Fri)

Quote:

Originally Posted by isoMorphic

I wont even get into the debate of open vs closed environments as it's pointless.

And if you think Android is the only vulnerable OS just you wait and see what the future holds for iOS.

http://techfragments.com/news/982/So..._Messages.html

No debate here...move on please....

isoMorphic · 4th of May 2012 (Fri)

Quote:

Originally Posted by Tony-S

particularly if you avoid unscrupulous web sites. They just don't spread. So...

The same argument can also be made for Android.

Which has nothing to do with "unscrupulous web sites" and more to do with sites run by people who lack the understanding or don't care about security. That goes for almost anyone running a Word Press Blog or any popular script be it open source or not. In fact the very software that runs this forum has been the target of numerous attacks over the years which could potentially infect your Super Mac at anytime.

Btw are Religious sites unscrupulous since they too can spread bad stuff?

http://news.yahoo.com/religion-riski...192552733.html

Tony-S · 4th of May 2012 (Fri)

Quote:

Originally Posted by isoMorphic

In fact the very software that runs this forum has been the target of numerous attacks over the years which could potentially infect your Super Mac at anytime.

My Super Mac has been retired for years.

Quote:

Btw are Religious sites unscrupulous since they too can spread bad stuff?

Yes, but for other reasons.

The sky is not falling.

2nd of May 2012 (Wed)	#1
isoMorphic Senior Member Join Date: May 2008 Posts: 1,989	Android users targeted in drive-by download attacks "Based on our current research, NotCompatible is a new Android trojan that appears to serve as a simple TCP relay/proxy while posing as a system update," the advisory stated. "This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy." http://arstechnica.com/gadgets/news/...ad-attacks.ars

3rd of May 2012 (Thu)	#2
Tony-S Cream of the Crop Join Date: Jan 2006 Location: Fort Collins, Colorado, USA Posts: 9,216	Re: Android users targeted in drive-by download attacks This is why iOS is closed. __________________ Gear list "Raw" is not an acronym, abbreviation, nor a proper noun; thus, it should not be in capital letters. Beginner's guide to printing. The PoTN film thread. 

3rd of May 2012 (Thu)	#3
bikeboynate Goldmember Join Date: Aug 2011 Location: San Francisco Posts: 3,127	Re: Android users targeted in drive-by download attacks Note to self - Do not system update my cellphone anymore- Thanks for the heads up. __________________ *-Nate* 5D Mark lll + BG-E11 \| 60D + BG-E9 \| Rebel XSi \| 17-40 f/4L \| 24-105 f/4L \| 70-200 f/2.8L IS II \| EX430II x 2 \| 055XPROB \| 322RC2 \| Street Walker HardDrive \| Flickr \| My website: NMBPhoto \| Facebook

3rd of May 2012 (Thu)	#5
Luckless Senior Member Join Date: Mar 2012 Location: PEI, Canada Posts: 1,167 IMAGE EDITING OK	Re: Android users targeted in drive-by download attacks Sadly, Windows is NOT a Unix like, and went on for ages lacking some of the most basic protections offered by a Unix like environment, and even today is still less secure by design. It was built up over the years to avoid paying to license a Unix like environment to build off of. (And it has been a very nice system to work with for the most part.) Open or closed source, it doesn't matter. If I want to I can take apart a closed source program and look at what each and every command does. (This is how they can actually run on a computer, all those "zeros and ones" actually mean something.) Sure, it is a lot harder to read, is a lot slower, and generally a larger pain, but perfectly doable. Once I know how something works, I can break it. (On purpose. With computers and software it is extremely easy to 'break' things by accident as well.) But the thing about an open source community? I'm not reliant on some company to get around to fixing some issue. I don't have to wait for some bean counter to decide that the company will save more money fixing the issue than settling the few lawsuits that come up or off set the losses in customer base because people lose faith in the product. But flip the coin around and most major close sourced projects are backed by major finances and can afford to dedicate staff to fixing issues, rather than relying on a community of often part time volunteers to take a fancy to something and make it their pet project. Open or Closed, they're all just as open to attack and errors, and there is no great difference in the greater scheme of things. So really, iOS isn't closed and limited for your protection. It is closed and limited for the purpose of lining the coffers at Apple, to make their lives easier, and to limit what a competitor can do to take advantage of a wide range of decent projects. __________________ Canon EOS 7D \| EF 28 f/1.8 \| EF 85 f/1.8 \| EF 70-200 f/4L \| EF-S 17-55 Flickr: Real-Luckless

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
T-Mobile G1 Android Users??	adam8080	Astronomy and Celestial Talk	1	15th of May 2009 (Fri) 14:15
Download direct from A520 to USB flash drive	SAMa520	Small Compact Digitals by Canon	1	30th of July 2006 (Sun) 13:15