Google vanishes 'DroidDream' malware from citizen phones
Android 'kill switch' flipped
Google has acknowledged that it removed "a number" of malicious malware applications from the Android Market on March 1, and it has now reached out over the airwaves to remove the apps from end users devices as well.
Last week, reports indicated that more than 50 Android apps had been loaded with info-pilfering software known as DroidDream. Google immediately responded by pulling the apps from the Market, but the company remained silent on the matter until tossing up a blog post on Saturday evening.
According to Google, the malware exploited known vulnerabilities that had been patched in Android versions 2.2.2 and higher. Google "believes" the attacker or attackers was only able to gather device-specific information, including unique used to identify mobile devices and the version of Android running on the device. But the company added that attackers could have accessed other data.
In addition to removing the apps from the Android Market, Google suspended the accounts of the developers involved and contacted law enforcement about the attack, and as it did on one previous occasion, the company used the "kill switch" that lets it remotely remove mobile apps that have already been installed by end users.
Google maintains a persistent connection to Android phones that let the company not only remotely remove applications from devices but remotely install them as well. The remote install tool is used when Android owners purchase apps via the new web incarnation of the Android Market. The Android Market Web Store lets you browse and purchase applications via a browser, as opposed to Android client loaded on handsets.
Apple maintains its own "kill switch" for the iPhone. In 2008, an iPhone hacker told the world that Apple had added an app kill switch to the iPhone, and Steve Jobs later confirmed its existence. "Hopefully, we never have to pull that lever," Jobs said, "but we would be irresponsible not to have a lever like that to pull."
On Saturday, Google also said that it is pushing a security update to all Android devices affected by the malware in question. If your device was affected, the company said, you will receive an email from android-market-support@google.com, and you'll get a notification on your phone that a package called “Android Market Security Tool March 2011” has been installed. You may also receive a notification that the offending apps have been removed.
The company is taking additional measures to stop such attacks in the future, but it did not provide specifics. "We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues," the blog post read. ®
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
COMMENTS
Looks like bash a network day...
Lucky they have a killswitch.
Imagine if Microsoft had a similar feature to remote update peoples PCs, most botnets would disappear overnight.
A kill switch is only a bad thing if it's used for bad and Google isn't doing a bad job here, especially since it could have been avoided by operators updating the phones of their customers.
Google shouldn't have to do this but it's a good job they did as they're doing phone operators job for them.
Re: Looks like bash a network day
Actually, if MS had a kill switch it would be fundamentally flawed. Two weeks after it goes live it would be exploited and Microsoft office would magically be uninstalled from every PC on the planet!
Right
You want compensation for the inconvenience of having a virus removed from your phone?
Good luck with that :)
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM Implementer’s Checklist
Steps to Take Before Choosing a Business Continuity Partner
