Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Thursday December 01 2016, @02:46PM   Printer-friendly
from the droids-they-are-looking-for dept.

Check Point reports that more than one million Google accounts were breached, and more than 13,000 accounts continue to be breached every day via compromised Android devices. http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

Our research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.

Check Point reached out to the Google Security team immediately with information on this campaign. Our researchers are working closely with Google to investigate the source of the Gooligan campaign.

The article also notes that Gooligan downloads a rootkit that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153).

Historically, many comments were made about the dangers of monocultures, in particular the MS Windows monoculture. With the migration away from desktops to handheld devices, and with google dominating the field for both the platform (Android) and many services (GMail), there seems no reason not to believe that there'll be the same kind of monoculture-related issues for many more years.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Runaway1956 on Thursday December 01 2016, @04:09PM

    by Runaway1956 (2926) Subscriber Badge on Thursday December 01 2016, @04:09PM (#435488) Journal

    Good point - but - I tend to agree with the monoculture statement. When a zero day exploit comes out, basically, the exploiters have access to more than half the telephones in the world. If we didn't have that huge monoculture, a new zero day exploit might be capable of accessing as little as 5% of the phones, or maybe as much as 30%. That is the one reason why Windows phones might be desirable, so long as they didn't corner the market. Here in the Linux world, there are a lot of exploits - but an exploit that affects a dedicated server may or may not have any affect on any given desktop. Exploits aimed at desktops are entirely dependent on each user's configuration. I'm immune to a lot of the better known and more serious exploits, simply because I don't want or need various services running. The various mono-cultures don't really give you the options I have on Linux. Your handset runs the services that your telco decided that it should run, and unless you root the device, there is little you can do about that.

    I wish more people would join our chaotic Linux club. I doubt that more then a couple hundred people in the entire world have configurations like my own. I doubt that more than 100,000 people even run my distro, and of those, few run my Desktop Environment. Someone would have to target me specifically, to get into my machine. About the only things my machine has in common with the greater pool of Linux machines, is a Linux kernel, and the directory structure.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2