Feature Article

February 25, 2015

Android Malware Hijacks the Phone When It's 'Off'

Taking a page from Hollywood blockbusters, a newly discovered malware hijacks Android mobile phones when owners believe they have switched them off—allowing a phone to be tracked, or used to take pictures, send surreptitious messages, or record and make calls.

The security team at AVG mobile first uncovered the malware, which it has dubbed Android/PowerOffHijack. Essentially, it hijacks the shutdown process and the device remains functional even though it appears to be off. After pressing the power button, the phone displays an authentic shutdown animation, and the phone appears off, with a black screen—only, it isn’t.

First seen in China, the malware has spread through Chinese app stores, with around 10,000 devices infected so far, AVG noted.

The malware affects versions of Android older than V.5 (Lollipop) and requires root permission to hijack the shut-down process.

This is the latest Android bug—and sadly, won’t be the last. While Google actively polices the Google Play Store to weed out malicious apps, the OS remains an attractive target for hackers thanks to the sheer numbers of apps for the platform. And, third-party app stores often have no such

And, there are rampant vulnerabilities to be concerned about. Earlier this week, McAfee noted that more than 70 percent of the 25 most-downloaded mobile apps that were found to be vulnerable to Man in the Middle attacks last year, still not been fixed.

The Intel Security vendor’s McAfee Labs Threats Report for February 2015 found that a whopping 20,000 Android apps failed to validate SSL certificates via HTTPS properly, thus exposing them to MITM attacks.

In testing, McAfee researchers were able to execute proof of concept attacks that stole log-ins for third party services like social network accounts and Microsoft OneDrive, as well as “credentials that belong to their own systems and services.”

Any issue like this has the potential to affect a huge user base. For example, the most popular insecure app analyzed by McAfee has been downloaded 100-500 million times.




Edited by Maurice Nagle


FOLLOW MobilityTechzone

Subscribe to MobilityTechzone eNews

MobilityTechzone eNews delivers the latest news impacting technology in the Wireless industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter