Vor ein paar Tagen sorgten zu Malware umfunktionierte Kopien beliebter Apps in der Netzwelt für viel aufgeregtes Tastengeklapper. Google hatte die entsprechenden Anwendungen zwar ratzfatz aus dem Android Market entfernt, sich darüber hinaus aber bedeckt gehalten. Nun gab es ein offizielles Statement – und Infos zu künftigen Gegenmaßnahmen.
Schädliche Codes fanden sich in demnach den Rootkits von insgesamt 58 Apps. Rund 260.000 User luden sich die kompromittierten Datenpakete herunter. Google geht jedoch davon aus, dass kein Nutzer um seine persönlichen Daten fürchten muss. Allerdings könnte die IMEI-Nummer des Smartphones könnte an Dritte übermittelt worden sein.
Um für künftige Bedrohungen im Allgemeinen und solche Szenarien im Speziellen besser gewappnet zu sein, arbeitet Google an einer „Remote Kill“-Funktion, mit der sich Malware per Fernzugriff von infizierten Android-Geräten entfernen lassen. Der User muss dabei überhaupt nicht tätig werden. Von der ersten Malware-Welle betroffene Smartphones sollen zeitnah mit einem Sicherheitstool namens „Android Market Security Tool March 2011“ versorgt werden, mit dem die Trojaner gelöscht werden können. Das Tool befindet sich bereits im Android Market.
Wie Techcrunch betont, lassen sich ähnlich gelagerte Attacken zumindest mittelfristig kaum vermeiden. Google könne betroffene Geräte zwar säubern, nicht jedoch das Sicherheitsloch flicken. Zwar ist ein entsprechendes Patch auf dem Weg, um es zu installieren, ist jedoch ein System-Upgrade notwendig – so dass bei der Auslieferung Netzbetreiber und Smartphone-Hersteller aktiv werden müssten.
In aktuellen Android-Versionen (ab 2.2.1) sei das Problem zwar längst behoben, die meisten Geräte liefen jedoch aufgrund der schlechten Updatepolitik vieler Hersteller und Provider noch mit älteren Versionen.
Außerdem plant Google offenbar die Einführung einer Qualitätskontrolle, die verhindern soll, dass Malware überhaupt im Android Market auftaucht. Details gibt es zu der Angelegenheit allerdings noch nicht: „We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.“
Hier der komplette Eintrag aus dem Google Mobile Blog:
On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application:
- We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
- We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
- We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
- We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.
For more details, please visit the Android Market Help Center. We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future.
Folgende E-Mail erreichte zudem Nutzer, die sich eine der betroffenen Apps heruntergeladen hatten:
You are receiving this message to inform you of a critical issue affecting your Android Market account.
Hello,
We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.
According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).
However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.
To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.
For more details, please visit the Android Market Help Center.
Regards,
The Android Market Team
[via techcrunch, Google Mobile Blog]
| Zur Foto-Galerie |
Foto-Galerie
[...] Google kann über eine Remote-Funktion Schadensprogramme aus dem Android Market und von allen Android-Handys entfernen. Aber Androids Offenheit ist nach Einschätzung von Kaspersky-Virenjäger Yury Namestnikov Fluch [...]
Pingback by Android ist der neue Traum der Virenschreiber « Googlereport – Google-Experte Lars Reppesgaard — 24. Mai 2011 @ 07:31