Tuesday, 13 December 2011

Malware. The modern way to mug people.

OK, so a fair few people recently got hit by malware that they loaded onto their phones. Android phones, to be precise. It would appear that the software packages (Applications, or as lazy people call them, "Apps") they installed to their phones were slightly modified popular games. The uploader of these games cracked them open like a Piñata, and inserted some of his own lines of computer code, before closing them up again, and uploading them to the Android marketplace. The changes caused any phone loading this package to send text messages using premium-rate numbers.

I recently got an Android phone too... and I'm careful...

Now, if you've been reading this Blant for any length of time, you'll have noticed that I recently took delivery of a shiny new HTC Sensation, one of their flagship Android phones. It's a very nice phone, too. But I'm very selective about what I download to the phone - especially in the way of software packages. And I ALWAYS check the permissions that these packages want to access.

For example, is there any valid reason for a game to access any type of messaging, browser history, contacts, or, in fact, anything other than the sleep function of the screen (to stop the thing shutting down after twenty seconds of inactivity), and maybe internet access to show you advertisements as you play a 'free' game? No? Then don't install the damn thing. "Simples" (insert Meerkat-like tongue sucking sound now).

If it's asking for the keys to the safe...

Simply put, if a software package is asking for the electronic version of an all areas pass to rummage around your phone, willy-nilly, then you can bet the last fiver in your wallet (the one you were going to buy a pint of beer with) that something is Not Exactly Kosher with that package, and that you ought to drop it like a hot coal, like right that blasted second.

I would have thought that this would be common sense to people these days, what with the phrase InfoSec (and variations thereof) having been tattooed onto their foreheads by the popular media over the last couple of years, but apparently this is not the case. As evidenced by this latest electronic mugging.

And, just to add insult to injury, apparently Microsoft are getting in on the act, and asking people who got enraged by their own stupidity to defect to a Microsoft Windows mobile phone. There's a Twitter trend on it already, would you believe. Look up #droidrage over there. You'll see it yourself.

Pardon me? They did what?!

You heard - I mean read - what I said. Microsoft, the paragon of insecurity (evidence the sheer mountain of viruses, malware, etc., that have hit their products over the years, causing them to have to 'patch' them repeatedly to close these security holes more times than I've had hot dinners, it seems), are spinning this to read like the Android Apocalypse, saying that Android is full of security holes. Wellllll, maybe it is, and maybe it isn't, but HA! Microsoft're FINE ones to talk, really! Can you say "Sheer hypocrisy"?!

But who's really responsible for this?

And yet... it's the phone owners, the users who got hit, who are to blame. Yes, really. They rolled snake-eyes, and failed to make two basic security checks.

First, they FAILED to ensure that they were getting the genuine games, from the genuine producer. Here's a hint: Angry Birds is made, and distributed through the Android Market, by a company called "Rovio". You can check this with a simple Google search. Try it. If the supplier blurb in the description of the package on the Android marketplace says it was uploaded by, say, Fred Bloggs, for example, then maybe, just maybe, you should avoid it like the bloody plague. There's your first blasted clue.

Then, they FAILED to check what permissions the packages were asking for. See above for why this is necessary.

And now, like children caught with their hand in the cookie jar, they're blaming everyone but themselves for screwing up.

Good practice is always good sense.

Google, who run the marketplace, give us solid advice when we use the place. Check the permissions. I go one step further, and check the supplier too. It's a belt and braces approach to a world that'll steal the trousers right off your legs, given half a chance.
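The two checks described above (supplier and permissions), written out as an added example that is not part of the original post. It assumes the package's AndroidManifest.xml has already been decoded to plain XML (for instance with a tool such as apktool); the function name `audit_game`, the allowlist and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the only permissions the post treats as reasonable for a game.
GAME_ALLOWLIST = {
    "android.permission.INTERNET",   # adverts in a 'free' game
    "android.permission.WAKE_LOCK",  # stop the screen going to sleep
}
# Permissions matching the areas the post says a game has no business in.
RED_FLAGS = {
    "android.permission.SEND_SMS": "messaging",
    "android.permission.READ_SMS": "messaging",
    "android.permission.RECEIVE_SMS": "messaging",
    "android.permission.READ_CONTACTS": "contacts",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}

def audit_game(manifest_xml, listed_publisher, expected_publisher):
    """Return (verdict, findings) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")} - {None}
    findings = []
    # Check 1: was it uploaded by the genuine producer?
    wrong_publisher = listed_publisher.strip().lower() != expected_publisher.strip().lower()
    if wrong_publisher:
        findings.append(f"publisher mismatch: {listed_publisher!r}, expected {expected_publisher!r}")
    # Check 2: does it ask for anything beyond what a game needs?
    for perm in sorted(requested - GAME_ALLOWLIST):
        reason = RED_FLAGS.get(perm, "not needed by a game")
        findings.append(f"unexpected permission: {perm} ({reason})")
    # A wrong publisher or any red-flag permission is enough to walk away.
    if wrong_publisher or any(p in RED_FLAGS for p in requested):
        verdict = "do not install"
    elif findings:
        verdict = "review"
    else:
        verdict = "ok"
    return verdict, findings

# Constructed sample: a repackaged game that also wants to send text messages.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.repackagedgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    verdict, findings = audit_game(SAMPLE_MANIFEST, "Fred Bloggs", "Rovio")
    print(verdict, *findings, sep="\n - ")
```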

The point is, you cannot, ever, be too damned careful. These electronic thieves and muggers are getting more clever by the minute, and you can't give them a chance, as they'll take your wallet, identity, and possibly the whole of your life history too, in an instant: They have no scruples, or even morals.

Don't cry foul when there isn't one, and don't crow.

So, don't blame others for your cock-up. Blame yourself.

And tell Microsoft to stop being so hypocritical. It's not pretty, and it's certainly not clever.

