Hi Geeks,
Trojan Steals Credit Card Numbers
It's only a proof of concept, but it's scary nonetheless. It's a
Trojan for Android phones that looks for credit-card numbers, either
typed or spoken, and relays them back to its controller.
Software released for Android devices has to request permissions
for each system function it accesses—with apps commonly requesting
access to the network, phone call functionality, internal and external
storage devices, and miscellaneous hardware functions such as the
backlight, LED, or microphone. These requests are grouped into
categories and presented to the user at the point of installation—
helping to minimise the chance of a Trojan slipping by.
Soundminer takes a novel approach to these restrictions, by only
requesting access to 'Phone calls,' to read phone state and identity,
'Your personal information,' to read contact data, and 'Hardware
controls' to record audio—none of which will ring alarm bells if the
app is marketed as a voice recording tool.
Further reference:
https://www.cs.indiana.edu/~kapadia/papers/soundminer-ndss11.pdf
Demo: http://www.youtube.com/watch?v=_wDhzLuyR68
Desk @ Schneier
Cheers,
0xN41K
--
You received this message because you are subscribed to the Google Groups
"nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/nforceit?hl=en-GB.
