PIN-Locking Android Ransomware Comes To The U.S.

Status
Not open for further replies.

bogieboge

Reputable
Sep 11, 2015
1
0
4,510
0
Doesn't seem like a software security issue.
1. The user has to enable 3rd party apps and accept a warning about unverified apps
2. Intentionally download and install the app from an unknown source
3. Grant admin privileges (maybe unknowingly)
Android gives the users more leash by allowing the install of 3rd party apps. The users just need to be smart enough to not hang themselves with that leash.
 

jimmysmitty

Champion
Moderator


It is the same with Windows though. Although there is no lock on third party program installs (could you imagine the backlash?) people still need to do the same thing. Normally the same thing comes in an email that people click OK to.

My only point is that anything popular enough will find ways around most security. There are other cases, even Apple had this same virus plague Mac OSX.
 

jerm1027

Distinguished
Apr 20, 2011
404
0
18,810
11


I wouldn't say that exactly since linux is partitioned by default. A regular user can roam around in the user space all they want, but as soon as something attempts to modify the system, the user must confirm with a root password. With most Windows users, they are already admin/root and the User Account Control is a joke, and more of an annoyance than a security feature - it actually came from Linux, but because Windows is way more integrated, *everything* triggers a prompt. You can get a similar result by using Windows as a Standard User (most people don't), but it isn't exactly the same. For an example, I can't really run my VPN software without the password, and it never gave me an error, so it took me a while to figure out I needed to run the program as Admin.
 

house70

Splendid
Meh. Not really something average Joe needs to worry about. Too many security measures needs to be altered in order to make phone vulnerable, AND then one has to actively install malware from whatever source.
Sticking with Amazon Appstore, Google Play or any other reputable app store will be safe.
This thing is the equivalent of dousing your house in gasoline, then lighting a match and complaining afterwards that it burned down.

This reminds me of the article a little while ago about the vulnerability of jailbroken iPhones. Except there the "jailbroken" bit was (rightfully) included in the title. Here the security downgrading steps necessary to become infected with this thing are mentioned in the last paragraph. Maybe the title should include altered/modified/ or otherwise intentionally crippled Android phones. Just a thought of even-headedness for the OP when reporting such issues. No wonder some people think of Android as less secure, when in fact requires quite a few steps and a good amount of determination to screw- up with the default settings, followed by a suicidal will to install apps from shady sources.
I, for one, still have yet to encounter an infected phone in the wild.
 

LostAlone

Distinguished
Jan 3, 2011
296
0
18,960
52
Meh. Not really something average Joe needs to worry about. Too many security measures needs to be altered in order to make phone vulnerable, AND then one has to actively install malware from whatever source.
Sticking with Amazon Appstore, Google Play or any other reputable app store will be safe.
This thing is the equivalent of dousing your house in gasoline, then lighting a match and complaining afterwards that it burned down.

This reminds me of the article a little while ago about the vulnerability of jailbroken iPhones. Except there the "jailbroken" bit was (rightfully) included in the title. Here the security downgrading steps necessary to become infected with this thing are mentioned in the last paragraph. Maybe the title should include altered/modified/ or otherwise intentionally crippled Android phones. Just a thought of even-headedness for the OP when reporting such issues. No wonder some people think of Android as less secure, when in fact requires quite a few steps and a good amount of determination to screw- up with the default settings, followed by a suicidal will to install apps from shady sources.
I, for one, still have yet to encounter an infected phone in the wild.
I totally agree. The tech press has done such an appalling job reporting about Android recently. To just skim articles you'd think that Android phones are being hijacked left and right, hackers just barging through their awful security. But that's completely false. The only real flaw in Android is that if you really want to it'll let you turn off the safe guards and even then you need to go and acquire the malware basically off your own back.

Shock, horror - If you disable all the safeties and install software of dubious provenance then bad things can happen. That's every computer in the whole world.
 

kenjitamura

Distinguished
Jan 3, 2012
195
3
18,695
1
But Linux kernal... secure....

J/K. But this does show that anything that is popular enough will be vulnerable. Even Linux. It is just the way of the software.
You either didn't read the article or have poor reading comprehension. Either way this article cannot be interpreted as "android is insecure". A user has to explicitly disable a security feature, search for the malware on a dubious site, and install it with prompts before it can do anything.

I like house70's analogy of it being like dousing your house in gasoline and striking a match and then complaining that the house is on fire because it really is like that.
 

targetdrone

Distinguished
Mar 26, 2012
309
3
18,785
0
I find it funny how you catch this virus by looking at porn on your phone.
Actually I think most viruses are transmitted by looking at porn and other illicit data.
 

turkey3_scratch

Polypheme
Ambassador


Viruses come from the end user doing something stupid. Website viruses used to be huge, but the majority of them resulted from Adobe Flash, as it was highly used on every site in the past. With HTML5 and the absence of Flash on many websites, most viruses will now come from people downloading a program and running the executable.
 

house70

Splendid


Even watching porn can be done the stupid way (via your admin account on your main machine, using a poorly secured browser) or the smart way (I don't have to spell it for you, but it's basically the opposite of that).
 

Lodovik1024

Reputable
Sep 13, 2015
1
0
4,510
0
Another blow to Android security. This OS was quickly snapped together when Google saw the first iPhone and Android was shaky from the start. Linux was a terrible base to build a mobile OS on. It started messy and unresponsive and needed about 10 iterations just to become good enough. Lots of work still to be done by Google to correct these flaws. They will have to sacrifice compatibility even more along the way.
 

Dave K

Distinguished
Jan 13, 2009
115
0
18,680
0
The OS you choose is no longer anywhere close to the highest risk factor when it comes to getting viruses and malware. YOU (and me) are the primary risk by a long margin... and compromised programs that we choose to install (coughFlashcough) are probably #2. A user with safe habits can choose any of the current OS's and be safe... and if you make bad decisions then no OS will keep you safe.
 

house70

Splendid


Wow. Another fresh troll account created otacon-style. Same tired arguments without anything to back them up. Ignorance at it's best. Thanks for the laughs, kid
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS