TMCnet Feature
October 15, 2012

Android Malware is Easy to Build, but Kindsight Offers Protection

By Rich Steeves, TMCnet Web Editor

We hear repeatedly about the danger that hackers pose to our electronic devices, but sometimes we might be cynical, thinking that we really are safe from attack. Recently, I sat down with the team from Kindsight and they showed me exactly how easy it is for hackers to take control of an Android device – and how Kindsight solutions can help deal with these types of attacks.

The team from Kindsight, vice president of marketing Brendan Ziolo and security architect and director Kevin McNamee, showed me just how easy it is for a hacker to take over your phone and access the messages, camera, calls and more. The hacker first takes a legitimate application, like a copy of the popular Angry Birds game, and injects the malware into the app. With the APK file, the hacker can simply open up the component parts of the app, disassemble it, get to the source code and drag and drop the malware right into the app. Then, after a quick change to the application and permissions, the hacker rebuilds the app and signs it. The infected app is now ready for distribution.

The above images show a few steps in that process, which McNamee showed me live. It took him just a couple of minutes to infect the app, which can then be uploaded to Google Play (though infected apps are often taken down from that site in a matter of days), or to a third-party app site. Then, with a command and control console for the botnet, like DroidWhisper (pictured below), the hacker is ready to take control.

Since most people ignore the requests for permissions when installing a new app, they let the hacker right into their phones, which then pop up on the DroidWhisper console. The users think they are playing their new Angry Birds game, but in the background, a program is communicating with the command and control console.
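As an added illustration (not from the article and not Kindsight's code), the Python example below shows a defender-side check for the kind of repackaged app described above: it compares a download against a known-good copy of the same app and reports newly requested permissions and a changed signing certificate. It assumes the manifests have already been decoded to text XML and the signer certificate digests extracted; the package name, digests and function names are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions covering the capabilities the article lists.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "device location",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.SEND_SMS": "SMS sending",
    "android.permission.CAMERA": "camera",
}

def parse_manifest(manifest_xml):
    """Return (package name, set of requested permissions) from decoded XML."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return root.get("package"), perms - {None}

def repackaging_report(baseline, candidate):
    """Each argument: dict with 'manifest' (decoded XML) and 'signer_sha256'."""
    base_pkg, base_perms = parse_manifest(baseline["manifest"])
    cand_pkg, cand_perms = parse_manifest(candidate["manifest"])
    added = cand_perms - base_perms
    same_package = base_pkg == cand_pkg
    signer_changed = baseline["signer_sha256"] != candidate["signer_sha256"]
    return {
        "same_package": same_package,
        "signer_changed": signer_changed,
        "added_permissions": sorted(added),
        "sensitive_added": {p: SENSITIVE[p] for p in sorted(added) if p in SENSITIVE},
        # A genuine update is normally signed with the original developer's
        # key, which someone re-signing the app does not have.
        "suspicious": same_package and signer_changed,
    }

def _manifest(package, perms):
    # Constructed sample input, not a real app's manifest.
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed baseline (known-good) and candidate (download under review).
BASELINE = {"manifest": _manifest("com.example.game", ["android.permission.INTERNET"]),
            "signer_sha256": "aa" * 32}
CANDIDATE = {"manifest": _manifest("com.example.game", ["android.permission.INTERNET", *SENSITIVE]),
             "signer_sha256": "bb" * 32}

if __name__ == "__main__":
    for key, value in repackaging_report(BASELINE, CANDIDATE).items():
        print(f"{key}: {value}")
```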

The team from Kindsight showed me what functions the hacker could access. I saw the console discover the location of the device and all the information for the hijacked phone including contact lists. The hacker can then send a Toast message to everyone on the contact list in the form of SMS spam or as an e-mail. The hacker can even use the hijacked phone as a spamming platform, sending messages to entirely new lists of people. I saw the console take pictures from both the front and the rear cameras, too.

Now, according to the team from Kindsight, most security solutions have no protection against this sort of hacking. Client-only solutions will not catch this sort of botnet, because it has not yet been published and put out there for the public. This process can take days or weeks, and is the cause of an escalating cold war between hackers and anti-virus solutions. The Kindsight app, on the other hand, is an anti-virus product with a network component. It monitors the network, seeing all of the traffic, noticing when something fishy is going on with Angry Birds and sending a security alert to the phone’s user, helping figure out which application caused the problem.

Once the user registers, the Kindsight app runs in the background as an anti-virus product. It catches known malware right away, and the network component is designed to catch new threats. If one is detected, the Kindsight alert pops up as the malware sends a message to its command site. It then scans to see which app is responsible, noting what is running and what apps are newly installed. The user can then uninstall the dangerous app, and the Kindsight team then knows about the infection and can build an anti-virus signature for it. Kindsight gets malware samples on a regular basis, on the order of tens of thousands each day. In a dangerous world, it is the best possible protection against hacker attacks on your phone which, I’ve learned, are as easily done as said.

Edited by Rachel Ramsey