Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday May 30 2018, @11:53PM   Printer-friendly
from the getting-more-than-you-paid-for dept.

Submitted via IRC for SoyCow3941

Avast has found that many low-cost, non-Google-certifed Android phones shipped with a strain of malware built in that could send users to download apps they didn't intend to access. The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps...

[...] The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast. The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."

[...] Avast can detect and remove the payloads and they recommend following these instructions to disable the dropper. If the dropper spots antivirus software on your phone it will actually stop notifications but it will still recommend downloads as you browse in your default browser, a gateway to grabbing more (and worse) malware. Engadget notes that this vector is similar to the Lenovo “Superfish” exploit that shipped thousands of computers with malware built in.

Source: https://techcrunch.com/2018/05/24/some-low-cost-android-phones-shipped-with-malware-built-in/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by frojack on Thursday May 31 2018, @03:29AM (4 children)

    by frojack (1554) on Thursday May 31 2018, @03:29AM (#686578) Journal

    I'd tend to agree with your list, other than the GPS issue.

    I know you know that GPS isn't the problem, its that some features in the system relay your location to the phone manufacturer. GPS by itself does not reveal your location to anyone but you.

    Even the cell towers don't need to know precisely where you are, beyond which tower and lobe you are connected to.

    You can turn that GPS off, but then your maps are useless. Go ahead. Turn it off, and see how long before you want it back for some reason or another.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by AthanasiusKircher on Thursday May 31 2018, @04:50AM (3 children)

    by AthanasiusKircher (5291) on Thursday May 31 2018, @04:50AM (#686598) Journal

    You can turn that GPS off, but then your maps are useless.

    Umm, only if you don't know how to read a map. If you need a voice to tell you "turn left in 200 feet," that's not using a map. That's following directions. Your "real-time mindless following directions" apps may be useless without GPS. Your map apps definitely still can be very useful -- just search for where you are or where you want to go, etc. Follow the map, like people have been doing for hundreds of years.

    For very long trips or those with complicated directions, I often still print out directions. Otherwise, I use my map app at home before the trip, read the directions, orient myself to the areas I'll be going, and then drive... Like people did all the time in the past with a traditional roadmap. If I get lost, I can pull over and reorient, as you'd do with a traditional road atlas.

    Is this a huge price to pay for your phone not sending your life's location data to everyone? I don't think so.

    (Admittedly you miss out on real-time traffic, which can be useful in some situations. The few times I've turned on GPS in the past few years have been to get alternate routes due to severe traffic.)

    Go ahead. Turn it off, and see how long before you want it back for some reason or another.

    And what reason would that be besides navigation?? I admit the usefulness of navigation apps with GPS, though I rarely use them actively like that. But I've had a smartphone of one variety of another for ~10 years. I had GPS/location services enabled for the first year or so until I thought about the privacy implications. I've had it disabled for the most part ever since.

    What am I missing? Seriously? Facebook's ability to say "Athanasius updated his status at the mall"?? (I don't post to Facebook and rarely go to a mall, but that's the sort of nonsense I get.). Or maybe some restaurant review app nagging me to review the restaurant I just ate at? Why, o why would I desire to turn on GPS for that sort of BS?!

    There is one -- and only one -- good reason to turn on GPS other than navigation apps, and that's to avoid the 75 requests from apps and websites and whatever per day that want to know your location for no apparent reason. I'd be tempted to turn it on just to stop some stupid graphing calculator app from nagging me to turn it on to know my location... Except then you realize how many things truly want to spy on you.

    So yeah, so turn it off. And then realize how scary it is so you won't want to turn it back on ever again.

    • (Score: 2) by Runaway1956 on Thursday May 31 2018, @02:10PM (2 children)

      by Runaway1956 (2926) Subscriber Badge on Thursday May 31 2018, @02:10PM (#686735) Journal

      I can ditto some of your post. When maps went onto computers, or, rather, when I found that Rand McNally could be installed on a computer, I used it regularly. No GPS at all, just the map application. Then, along came Mapquest, and Google maps, and others. Sit at the desk at home, get directions, and print them out. Those directions worked perfectly well, without any need for GPS.

      I'm still partial to Rand McNally. Probably only because I'm far more accustomed to their maps, than any others.

      As you say, the ONLY person who needs to know where I am at any given moment, is ME!

      • (Score: 2) by kazzie on Thursday May 31 2018, @05:26PM (1 child)

        by kazzie (5309) Subscriber Badge on Thursday May 31 2018, @05:26PM (#686834)

        I might go a step further: I can appreciate a GPS-based estimate of my location (or I can manage without) but I'll decide which eay to go, thank you very much!

        • (Score: 3, Interesting) by Runaway1956 on Thursday May 31 2018, @05:54PM

          by Runaway1956 (2926) Subscriber Badge on Thursday May 31 2018, @05:54PM (#686848) Journal

          Old truck driving story? Our trucks had recently been equipped with Quallcomm communications and tracking hardware. The onboard software didn't give you routing information, at the time - maybe our company just didn't pay for it. Anyway, I took off on a run, and made my morning call to dispatch the next day. I was informed that I would be "fined" for being off route. "HUH?!?! What do you mean by "off-route"?" Apparently, Quallcomm had decided that the "shortest" route was the most southerly route - across Interstate 10. From where I started, it was a fair distance to get DOWN TO the Interstate, so I routed myself across northern Texas and the middle of New Mexico, intending to get on I-10 further west. Dispatch told me that I would have to pay for the "extra miles".

          At this point, I demanded that they figure up the miles, exactly.

          I got a sheepish reply that my route was actually about 50 miles shorter than if I had driven south to get on I-20 and then I-10.

          Over many years of driving, I screwed up a few times. But, overall, my "navigation" beats just about anyone, except maybe the Household Mover's Guide. THOSE silly bastards will route you down rural roads that two horses can't pass safely on!

          If interested in HHG and "practical miles", this link is pretty informative. https://www.overdriveonline.com/lets-be-practical/ [overdriveonline.com]