Feeds

No woman, no drive: Saddo hackers lob Android nasty at Saudi women's rights campaign

Trojan also sniffs at privates...

High performance access to file storage

Reactionary hacktivists have brewed up a strain of Android malware targeted against the Alsharif campaign, which encourages Saudi Arabian women to defy their country's ban on female drivers.

Women have long been effectively banned from driving in the Middle Eastern kingdom, thanks to local interpretations of Islamic customs not shared elsewhere in the Muslim world. There is no law on women driving, as such, but anybody who wants to drive in the country needs to obtain a local driving licence – and women are not allowed to take the test.*

A grassroots movement, dubbed the Oct 26th Driving Campaign, is fighting for the right for women to drive in Saudi Arabia. Local police have arrested women who allegedly drove around the country before uploading videos of their activities to YouTube.

In addition, the driving campaign website has been under constant attack - including defacements - from forces who would wish to see the ban kept in place.

This turn of events is perhaps not too surprising given that Saudi Arabia is a "region of the world where the penalty for hacking a website is less than the penalty for female found defying the ban on driving a vehicle," according to mobile security researcher Irfan Asrar.

More recently, hackers who share the same patriarchal point of view have upped their attempts to mess with the car-driving-for-women movement by cooking up an Android trojan.

The malware, dubbed Hackdrive, comes disguised as an Android app to support the campaign, even featuring the icon that has come to symbolise the movement of the Oct 26th Driving Campaign - a pink car. In reality, the app is designed to spew the same hate-filled propaganda that accompanied the earlier defacement campaign, Asrar reports.

"Firstly, audio is jammed by the app repeatedly playing the audio from the YouTube video hit “No woman, no drive”[embedded below for our readers' delight], making it impossible to listen to anything else on the device or carry out a phone conversation," he writes.

"Additionally, a message in Arabic text is displayed similar to the defacement messages used on the hacked website."

Routines in the malware contain the ability to scour through the contact database of compromised smartphones, harvesting names and numbers before uploading the information to a remote server. However the functionality is not turned on, something that might change with possible follow-up versions of the malware.

Asrar - whose write-up of the threat, complete with screenshots, can be found in a guest post on security researcher Graham Cluley's blog - writes that it would be a mistake to interpret the malware as a childish prank.

"On the surface the antics used in the app and the website defacing may seem juvenile. But make no mistake, this is hate and prejudice manifested into an Android app," he concludes. ®

”No Woman No Drive” Bob Marley cover

Bootnote

*At the time your correspondent, then a young trainee telecoms engineer, spent five months on secondment to Bahrain in the late '80s, the Saudi driving test purportedly involved driving five metres forward and five metres in reverse – together with the payment of a modest bribe (baksheesh). It's unclear how far things have moved along in the 25+ years since.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.