Smile…You’re on Candid Camera – the dangers of living in an open source world

Security researchers have recently discovered a malicious Android app titled Adult Player that appears to offer free pornography but instead secretly takes pictures of users with the phone’s front-facing camera (Russon 2015). The app then holds the phone hostage and pressures the victim to pay a $US500 ransom through PayPal (Russon 2015).669735-2d0db2ae-55be-11e5-838d-6a3f8fd17c8a

669933-14a23b82-55bd-11e5-838d-6a3f8fd17c8a

Ransomware attacks are becoming a major threat to android_primary2-100586098-primary.idgeAndroid users downloading applications from third-party markets (Seals 2015). Indeed, Apple CEO Tim Cook has argued the rampant fragmentation of Android devices and OS versions is turning devices into a “toxic hellstew of vulnerabilities” (Edwards 2014).

However, the iOS App Store is not itself an impenetrable walled garden protected from malware. Cybersecurity experts predict that a new wave of iOS attacks will emerge as cybercriminals learn how to bypass Apple’s security controls (Gilbert 2015).

In 2013, security researchers managed to sneak a malicious app into the Apple App Store undetected, raising questions about Apple’s app vetting system (Schoon 2013). More recently, Masque Attack malware was discovered to emulate and replace existing legitimate apps, while Wirelurker attacks iOS devices through Apple Mac computers (Gilbert 2015).

ios-malware-threats-will-emerge-2015

As the number of iOS attacks continue to increase, Apple smashedapple1will focus on improving its bug resolution process. However, given the breadth of Android’s community of developers inspecting and improving its code, combined with its shorter feedback loops and open source model of continuous improvement that allow it to react and implement change faster, Android may just claim victory. After all, in the open source world, “given enough eyeballs, all bugs are shallow” (Raymond 2001).

Watch the YouTube video I created on this subject below:

Reference List:

Edwards, J 2014, ‘Tim Cook Just Ripped Android To Shreds’, Business Insider, 3 June, accessed 9 September 2015, <http://www.businessinsider.com.au/apples-tim-cook-just-ripped-android-to-shreds-2014-6>.

Gilbert, D 2015, ‘Significant iPhone and iPad malware threats will emerge in 2015’, International Business Times, 5 March, accessed 9 September 2015, <http://www.ibtimes.co.uk/significant-iphone-ipad-malware-threats-will-emerge-2015-1490577>.

Raymond, E 2001, ‘The Cathedral and the Bazaar’, Unterstein Net, accessed 9 September 2015, <http://www.unterstein.net/su/docs/CathBaz.pdf>.

Russon, MA 2015, ‘Adult Player Android porn app blackmailing users with secret photos and demands of ransom’, International Business Times, 7 September, accessed 9 September 2015, <http://www.ibtimes.co.uk/adult-player-android-porn-app-blackmailing-users-secret-photos-demands-ransom-1518808>.

Schoon, R 2013, ‘Malicious Jeklyy App Sneaks Into Apple’s Walled Garden, Doubts Raised About Vetting Process’, Latinos Post, 17 August, accessed 9 September 2015, <http://www.latinospost.com/articles/25720/20130817/malicious-jekyll-app-sneaks-apples-walled-garden-doubts-raised-vetting.htm>.

Seals, T 2015, ‘Led by Ransomware, Android Threats Surge 75%’, Info Security, 16 January, accessed 9 September 2015, <http://www.infosecurity-magazine.com/news/ransomware-android-threats-surge/>.

Advertisements

14 thoughts on “Smile…You’re on Candid Camera – the dangers of living in an open source world

  1. Great perspective on this week’s topic! Particularly with all the speculations from the readings and lecture on the factual information presented to us, personally my opinion has changed on the way apple invests itself in the consumer market. Yet this post has thrown another variable at me and sparked me to seriously consider the risks and potential dangers within using Android market. The comfort in owning Apple products is very reassuring knowing bugs and viruses for the most part can’t seep through the gatekeepers. Your YouTube video was simple in layout yet super effective in its communication. It allows the user to take in all your written information and still compare based on known facts, while not forcing an opinion. I didn’t realise this was happening, yet it doesn’t surprise me, with the freedom the android market gives users. There’s bound to be “trolls” such as the one you detailed who hold ransom. To further develop an understanding of the precautions we must take, this site (https://powermore.dell.com/technology/risks-using-open-source-software/) looks at the risks of open source software!
    Cheers, Sam.

  2. Hi, initially I thought this post was going to be all about the negative side/ downfalls of the Android. BUT I was proved wrong. I love how you have also mentioned the pitfalls of Apple’s app vetting system.
    I too like the YouTube video – it is clear, succinct and easy to follow, maybe a bit lengthy.
    What I find interesting about this Apple/Android debate is that on paper we are all agreeing that Android is the better system but the majority of us use an iPhone…
    The following link is a post that argues 5 points of why the iPhone still beats android http://www.dailydot.com/technology/iphone-features-android-doesnt-have/These 5 points are: consistency, the app store, malware marketplace, no more crapware and a home base.

    • Hello. Thank you for your comment! I will definitely keep the length of the video in mind for next time. The idea you raise is very interesting – we all recognise that Android is a more free and open system, however, Apple is still our preferred choice. The points raised in the article you provided would certainly be a reason for this.

      I think many people also feel a sense of safety and security buying Apple products and this is what drives repeat purchase. Even though there are many alternatives to Apple in the smartphone market, people do not consider any other brand due to Apple’s trusted reputation. As one article I found mentioned, Apple users have become ‘blindly loyal’ (http://bgr.com/2014/02/13/apple-loyalty-study-iphone/).

  3. Hi Giverny, great post! Good job with the media – great work on that video!
    You raise some great points, and it’s something I was thinking about while watching the lecture as well. Ted mentioned that Google have “no control over the platform, content or user” and while this sounds great, I wonder if issues could arise here? If anyone can make an app for Android, where is the quality control? It could cause unintentional damage to the device, or intentional situations like the example you gave above. And if that happens, who has responsibility for that? Does Android take any accountability for it? Should they? While being locked into Apple’s way of doing things, at least Apple users have a bit more security in that they know everything has been checked and secured (most of the time!)
    People love the idea of freedom and customisation, but I think it’s also important to think about the risks that come with that.
    Overall great post!

    • Hi Molly! Thank you for your insightful comment. You have raised some very thought-provoking questions. I am particularly interested in the idea you mention about whether Android should take accountability for these malicious apps. I believe Android does have a responsibility to its user base to ensure a safe and malware-free experience. While accountability needs to be enforced at the developer level by the people making apps, Android also has a duty to maintain a stricter oversight of what kind of content is moving into its system. Creating these different levels of quality control are essential to reducing the outbreak of malicious code that is inherent to the Android platform.

  4. Hi Giverny,
    This was a very interesting read! I had not heard of this app nor the ransom situation, that is crazy! One of the benefits of using the iOS operating system I suppose. Although, as you have mentioned there have also been recent cases of malicious apps snaking through the the virtual prison that is the iOS network.
    In theory, Apple’s walled garden App Store, where applications are fully vetted before being made available to customers has prevented widespread malware infection of iOS users. As a centralised point of distribution, the App Store provides users with confidence that the apps they download have been tested and validated by Apple.
    Like Apple, Google provides a centralised market for mobile applications. However, that is offset by the Android’s ability to install apps from third-party sources. Some are well-known and reputable, others are not, and this is what is problematic about an ‘open’ network. It really is a great debate, which coms down to preference and knowledge, with pros and cons evident from both sides.
    Finally, great video!

    • Hi Lara! Thank you for your comment. I agree, it is a very interesting debate. Third party app stores are indeed the biggest threat to Android’s mobile security. However, I have also come across many articles that argue Android malware is a greatly over exaggerated issue.

      Interestingly, Google recently reported that less than one percent of Android devices had a potentially harmful app installed last year (see here: http://www.pcworld.com/article/2905952/under-one-percent-of-android-devices-affected-by-potentially-harmful-applications.html). On the other hand, in a presentation last year, Apple’s CEO Tim Cook revealed a pie chart indicating that 99% of mobile malware is on Android.

      It is interesting how Apple and Android are competing in a war of statistics in the attempt to persuade consumers that their platform offers a safer user experience. From a marketing perspective, it would be very interesting to see whether such arguments have any effect on consumer’s preferences.

  5. Really good blog! you have done a serious amount of research and explained both the positives and negatives of open vs closed software. I learnt a lot from this blog especially the attacks of Apple (you never really hear about them). The youtube video was the icing on the cake you have nailed this topic!

    • Hi Jacqueline. Thank you for your comment. I found the point ‘When you need a vendor that will stick around’ to be an interesting argument on why not to use open source software. Doesn’t Android dominate the smartphone market? I don’t think people would choose Apple over Android because they fear Google will go out of business. Although the article is referring directly to proprietary software for business use, this is still a very interesting point. The debate of open vs closed systems is always centred around Apple vs Android. I wonder whether, beyond Android, there are other examples of where open source software dominates the market.

  6. Really great blog post, I love your take on this topic. You start out kind of bashing Android and the threats it’s users can face due to the open-sourced nature of it. But then you turn it on it’s head and point out that despite Apple’s supposedly ‘secure’ closed-source operating system, there are certainly the possibility of breaches there too. You tackled this issue by examining both sides of the debate which I really appreciate. Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s