Schneier on Security
A blog covering security and security technology.
« Book Review: How Risky Is It, Really? |
| Location-Based Quantum Encryption »
August 2, 2010
Eavesdropping Smartphone Apps
Seems there are a lot of them. They do it for marketing purposes. Really, they seem to do it because the code base they use does it automatically or just because they can. (Initial reports that an Android wallpaper app was malicious seems to have been an overstatement; they're just incompetent: inadvertently collecting more data than necessary.)
Meanwhile, there's now an Android rootkit available.
Posted on August 2, 2010 at 9:21 PM
• 24 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Things are getting worse, not better, with respect to sucking up more privileges and data than necessary. Example: I own an Android phone (Google Nexus One) and had installed the Yellow Pages app. - useful for sure. However, the latest update added the ability to read/write from/to my contact list. I uninstalled the application because there is no (to me at least) conceivable reason why they need to have full access to all of my contacts (hundreds of people at many companies and organizations). Absurd! I can think of reasons why I might occasionally want to add a contact from the yellow pages, but not that they should have full read access to my contact list! This is just a disaster waiting to happen, IMO.
Bruce, the problem is not really with the "Haves" like us but the "Have Nots" like our parents and grandparents.
The question is how we establish a trust and verification system. We don't have to dig hard to find software that appears trusted but is not (linux repository). And I believe there was a code-signing issue in the news recently where someone managed to sign code with the private key of a trusted company (or two).
Even the heavily-policed Apple experience has suffered.
It's a minefield in your pocket :-/
The problem is that there is no way to deny individual permissions for android apps. It has been suggested many times, but Google always say no for silly reasons. Presumably the real reason is that you could then disable ads.
Write this on the wall, and imprint it in your brain:
"Not everything that *can* be done, *should* be done."
Corollary: "Just because a technology exists does not mean that you have to use it."
X years ago, none of this existed, and your life was fine. It will still be fine without it. Quit putting apps in your mobile phone, and just use it to make phone calls. *Non-sensitive* phone calls. (Yes, keep a landline phone -- horrors! -- for the more sensitive stuff. Of course it's still tap-able, but not by a ten-year-old half a world away with downloaded warez.)
Doesn't solve everything, but it's the Principle of Least Risk.
Having got an Android phone, I must admit I'm more than somewhat underwhelmed.
It has anoyances like the keyboard driver hangs so yo have to finish what you are typing by "hunt-n-peck" on the touch screen numeric keypad.
Also there is no easy way for a user to kill of a misbehaving app, which thanks to a poor implememtation of the IP stack over GPRS etc means it's a nightmare to use in low signal areas, areas with high contention ratio or on the move in even relativly slow moving public transport (T-mob sort your act out).
Then of course there is the extra problems caused by as you say "ET Apps" making things considerably worse and munching through your data alowance (yup you pay for these apps phoning home as well 8(
Let's say I'm not impressed especialy with buggy UI drivers, that cause you to either power down or worse (as in the case of this phone) take the battery out... it's inexcusable these days.
I have to confess I trust my iPhone with more info than I would an Android - walled gardens and closed (to Apps) system must offer a little more security!
And we should spare a thought for people in Saudi Arabia and the UAE who are about to lose security/anonymity on Blackberrys -
People there are losing a real and useful aspect of freedom of speech.
@uk visa - If you believe the hype about "Project Vigil," then people in the US (and perhaps elsewhere) lost security/anonymity a while back. At least the Saudis and those in the UAE are getting some warning.
Other areas on the intertubes have noted that people don't use cell phone for voice phone calls anymore, and that data transfer on cell phone networks has overtaken voice usage. In my humble opinion, the data is used for more than marketing purposes, as it is all collectable by the spy agencies for use in profiling you (remember total information awareness - now almost totally reborn). This replaces the loss of data when you formally only went through the telcom "hidden" rooms. Yeah, its a nice world out there and we are helping them out by buying and using these electronic data theft devices.
You use the word 'rooted' - I don't think it means what you think it means.
I have physical access to my iPhone. Game over as far as Apple is concerned. Sure, I have to have some technical expertise, but if I want to install a different OS, or a variation that allows running unsigned code then I can. I have physical access.
If you don't have physical access but you want access to a user's data, you write a trojan - something they believe is innocuous and therefore will give permission to run it. So the user has physical access, allows the software to run, and your trojan takes what it wants.
A rootkit would allow a remote attacker to access your data without him having physical access and without you needing to run a trojan.
Has iPhone been 'rooted'? Maybe, but the information provided in your link has nothing to do with that.
@Tom T.: Moreover, you may consider that anything put on the Net can potentially stay there indefinitely, and more stuff than you might think can be put together and connected to identify a specific person. Therefore, by posting on Bruce's blog, you're giving out information about yourself that you might possibly want to stay hidden.
The right thing to do is not to automatically accept everything new because it has advantages over the old, or to automatically reject everything new because it has disadvantages the old didn't have.
I can avoid every risk possible, and I'll still almost certainly be dead within the next two centuries. I'd rather accept some more risk and have some more fun and accomplish more things.
@ksol - "rooted" means "having gained root access" rather than "having installed a rootkit". (Though having installed a rootkit is one way of rooting a system, though not the only way. Another way is to guess the root password from a login that allows you to attempt to log in as root.)
Re: "Not everything that *can* be done, *should* be done."
I think that ignores the reality of the human condition. A more correct statement is: "If something CAN be done, someone WILL do it."
I don't understand the fuss over this. An Android phone is basically a portable computer that happens to make phone calls. I've used plain desktop computers for years with the ability to install unsigned apps. Yes, malware exists and you have to be careful what you install.
The primary difference between my PC and my Android phone is that the phone explicitly tells me what permissions the app is requesting before I install it.
That sounds better, not worse... am I missing something? Or are people more worried about the phone because of the potential to intercept voice calls?
"I think that ignores the reality of the human condition. A more correct statement is: "If something CAN be done, someone WILL do it."
Which is why we have the Darwin Awards...
@Clive Robinson: Which is why we have the Darwin Awards
Maybe there should be a blog post asking IT vets to post a computer or security equivalent of a darwin award.
Locally, we have a lot of fun talking about CLDs and CEDs (career limiting decisions and career ending decisions).
Has iPhone been 'rooted'?
Yes it has. The jailbreakme.com website exploits a PDF flaw to jailbreak the phone. "Jailbreak" entails altering the firmware.
It's pretty easy to find info on this, so I'll just point you here:
And I agree with the DF point: I wonder why this isn't being screamed about in the tech press for being a serious security flaw. Maybe because the exploit isn't malicious. Yet.
@ed: The iPhone crack exploits a PDF flaw? Gee, I haven't been this unsurprised since the sun came up this morning.
@ David Thornley: I'm perfectly aware of that, and not the least bit worried about what I posted here and what it reveals about me, or I wouldn't have posted it. And yes, I do take that into consideration before posting *anything* on the Net. (I do *not* have a Facebook page.)
(*** @ Bruce Schneier:*** OMG! Do you have any *idea* how much personal information you're giving out through these blog posts, comments, books, speaking appearances, interviews, NIST entries, etc.?)
You apparently misunderstood my OP. Your second paragraph sums it up pretty well. The problem is that some people think that they *have* to use every I-whatever, etc. that comes out. And that "one man's feature is another man's exploit". Please consider that last statement seriously before accepting some new technology.
I'm accepting risk by connecting my computer to the Internet, obviously, but it was a carefully-considered decision, with a number of safety precautions taken -- "least risk", while still enjoying many of the benefits.
@ Jim Five: What Clive said! ... adding only that just because someone does it, doesn't mean that we have to buy it, which was the intent of my OP.
@ Clive Robinson: ZING!!!!! Well done, Sir!
@ HJohn: *Love* the idea for the IT Darwin Awards, although there are fewer human fatalities from IT -- just ruined lives.
@Tom T: *Love* the idea for the IT Darwin Awards, although there are fewer human fatalities from IT -- just ruined lives.
Maybe not many human fatalities, but plenty of career killers and system fatalities.
Of course, Darwin Awards also have honorable mentions... given to those who survived yet displayed the traits of one who is likely to be a future award winner.
@ JimFive re: 'A more correct statement is: "If something CAN be done, someone WILL do it." '
Sorry, that's quite incorrect.
WILL someone greatly reduce the epidemic of overweight and obesity? We're...waiting...
Tuberculosis? XDR[Extensively Drug Resistant] TB? And now we have cases of XXDR TB.
And virulent e.coli? "If this strain [ST131] gains one additional resistance gene, it will become almost untreatable...which is very concerning," Dr. James Johnson @ VA Med Center in Minneapolis, MN.
Not only is Man consistently outwitted by these brainless, lethal creatures, but we enable their virulence by our abuse of the antibiotic weapons we invented.
@uk visa If you feel safer on an iPhone, it's only because you've been fooled by the infamous Apple "reality distortion field". If the iOS App Store approval process didn't catch a flashlight app that was secretly a full tethering app, it seems highly unlikely they're going to catch malware either. :-(
Bruce, here are some suggestions I have for Google. Give us a future Android OS that includes an app for us to see apps by security permission category and can see a developer's reason why it needs this permission, a link back to the developer's website (to see a TOS), and a link to uninstall the app. Google needs an automated tool that downloads new apps at random from the market and reviews them for security issues, flagging them to be manually reviewed by a Google engineer if it feels they need further consideration. Any app that activates your camera or microphone, or accesses your contacts or web browser history -- needs to show a popup dialog at least once with a "don't show this warning again for this app" before it may be used. Android needs to give us an app that lets us know what apps are memory resident even when they don't show up in the Task Manager. For instance -- ever click End All on a Task Manager, but then you clear memory, and it tells you 7 apps were closed? It's because those apps were services not shown in Task Manager.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.