Monday, November 22, 2010

Angry Birds Attack: Smartphone Security Risk

With a glaring lack of security on smartphones, and the potential to attack a constantly growing number of users, cyber security experts have crafted a new campaign meant to expose a vulnerability within the immensely popular Angry Birds app.
Angry Birds is a game available in Google's Android Market, where smartphone users go to download and purchase mobile apps on smartphones that use the Android mobile operating system. The game rapidly spread throughout the Android community, and has even drawn attention from major video game developer Electronic Arts.

Security researchers Jon Oberheide and Zach Lanier discovered the flaw. They created the fake app to show how cyber criminals could have exploited the vulnerability, and are expected to discuss possible solutions at the upcoming Intel Security Conference in Oregon.

The exploit is based on the popularity of mobile web apps, and offers users a fake app that promises "bonus levels" for Angry Birds. Once downloaded, the fake app allows multiple different apps to be discreetly downloaded onto the phone. Without users' knowledge, this could present a new environment in which cyber criminals are given free rein over the information exchanged through the device. Hackers have the potential to design apps that can monitor information exchanged through the device, track its location, steal contact information or even send premium messages that run up phone bills, according to TNW.

Google officials have already noted the vulnerability, tipping their hats to Oberheide and Lanier. They also cited an earlier issue with Android, one of device management rather than security. Users often left apps open on Android phones when they were no longer using the device, which would drain the battery or even accidentally open apps that users did not want to access. To solve the problem, Google developed the "kill switch" app, which shut off all unused apps that were open on the phone.

However, Oberheide believes the exploit they discovered presents a new dynamic that the company needs to address.
"In the past, we've focused on the issue of users not paying attention to what permissions they're approving for their apps," Oberheide told Forbes. "But in cases like this, the attacker can bypass those permissions and it's very difficult for users to protect themselves at all."

Luckily, the researchers discovered the vulnerability before cyber criminals did. The flaw carried the potential for massive cyber crime success. Recent research on the smartphone market shows Android's rapid growth this year has launched it into the No. 2 spot in the global operating system market. As more users adopt the OS, and share information through online banking, shopping and social media apps, future security threats are likely to emerge.