Forgot your password?
typodupeerror
Crime Security Your Rights Online

Majority of Mobile Malware Now Reliant On Toll Fraud 39

Posted by timothy
from the reverse-the-charges-operator dept.
CowboyRobot writes "Spyware is no longer the primary concern with unwanted software on mobile devices. According to mobile security firm Lookout, most mobile malware performs 'toll fraud' — billing victims using premium SMS services. The problem is very geographically-dependent, worst in areas with weak SMS regulation, particularly China, Ukraine, and Russia, where users are 10,000 times more likely to have malware on their phones than users in Japan, for example. Other risks include mobile ads surreptitiously uploading personal data, as well as apps that download other malware without users knowing. The full report is available."
This discussion has been archived. No new comments can be posted.

Majority of Mobile Malware Now Reliant On Toll Fraud

Comments Filter:
  • But... (Score:5, Funny)

    by Anonymous Coward on Monday September 10, 2012 @05:54AM (#41285987)

    But... But... You cant have regulations, you have to let the Free Market....

    Thank god i live in a socialist hellhole where when this crap started to spring up it got massively stomped on by regulating the crap out of it.

  • by PSVMOrnot (885854) on Monday September 10, 2012 @06:19AM (#41286067)

    Seriously, why do we even need a system which lets people charge arbitrary ammounts via SMS? It's insecure, ripe for abuse and open to fraud. I don't think I have ever seen it used for a beneficial purpose, except perhaps for charity donations which could just as easily be done via another system.

    So, why not just shut the thing down? Or, heck just limit it to registered charities; it's not like anyone else uses it but those who prey on the weak (rip off custom ringtone companies, horoscope peddlers and malware)

    • by Anonymous Coward

      Well telco's make money off it, so if you want it shut down you'll have to lobby against them.

      • Re: (Score:3, Insightful)

        by windviewer (1196719)
        It would be reasonable to expect a means by which the consumer could opt out of premium SMS services (all of them) similar to having call blocks for long distance, 900 calls, etc. on your home phone. Even better, the default would off, and you would have to UNBLOCK the ability by contacting your telco. Alas, this would never be provided voluntarily by a telco without regulation...
        • Even better, this should be on a number-by-number basis.
        • by berashith (222128) on Monday September 10, 2012 @08:46AM (#41286619)

          you would think this is a reasonable request. My wife had a twenty dollar charge on a tmobile account, and they said that she had used "premium" network services. She had to pay that time, and went through every formal protest that she could just to record that it wasnt her and we would not pay twice. All of the texting plans outside of pure data ( g-chat, g-voice, email , etc) had already been disabled. 2 months later it happened again.We had to fight tooth and nail to get them to remove the charge, and then they ended up forgetting the promise to undo the charge and said it was our responsibility to have the charges removed by the vendor... completely ignoring the fact that as no service was purchased, there was no vendor to speak with. They also tried to say that anyone with the phone's email address could place charges to the number , and the tmobile would just pass through the charges. We knew this was obvious bullshit, and got the guy to bac down on that one. Hours later they finally realised that this is their issue, and that they were about to lose customers, so they gave the cash back " within 90 days".

          • by TheLink (130905)
            They eventually gave you your cash back, but how many people would do what you did and fight them for the money?

            It's just a way of stealing lots of money from very many people. The telcos get a cut, so their bosses don't care.

            If you stole even 20 bucks from someone, they call the cops on you and you'd be in trouble, but the Telcos and their partners get away with stealing from thousands and thousands of people.
            • by berashith (222128)

              well... they backed out on the promise once, and failed to fix the issue to prevent it again. Now they have promised to reduce a bill in 60-90 days. So, as of yet, they are just pushing us around hoping we give up. I will only say they gave it back when we see it.

        • I just checked and Bell Mobility (Canada) provides an Anti-SPAM service for your mobile phone that lets you block specific numbers in addition to other features. You only have to PAY $5 a month to save yourself from SPAM. You have to enter the number to block (I think this is backwards; you probably want to LIST the numbers you allow, and BLOCK all others; how do I know what all the SPAM phone numbers are in advance until I get one).
    • FWIW It's a very useful alternative to parking meters... You text the premium number (cost is the same as a normal ticket) and the system replies with a code. That means the actual ticket machine doesn't need payment processing, and you don't need to carry change around.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Actually I use it for quite a few things.

      -) Paying parking fees. You just send a text with the amount if time you want to book and you can extend it without going to your car too. Getting the parking fee coupons on paper is a major PITA, you can only buy them in

      -) Paying for the washing mashine at my student dorm.

      You can also:

      -) Buy tickets for public transport.

      So it is quite usefull and I have not heard of any abuse using malware in my country. It only works for national numbers and therefore any fraud cou

    • by xaxa (988988) on Monday September 10, 2012 @09:29AM (#41286925)

      It has some uses (see other replies), and it's OK if you have strong regulation of the service providers.

      Example here [phonepayplus.org.uk], which was news here last week:

      A malware attack targeted at 18 countries that cost unsuspecting users £15 every time they tried to open a ‘free’ app has been cut off by PhonepayPlus, the UK’s premium rate telephone services regulator. Sanctions imposed by the regulator’s Tribunal will see all money returned to UK consumers on top of a £50,000 fine imposed on the provider of the premium rate shortcodes that enabled the apps to fraudulently charge smartphone users.

      none of this £27,850 of UK consumers’ money reached the fraudsters.

      (The apps were "free" versions of popular apps, downloaded from alternative app stores -- not the Google one -- or websites.)

      • by dkf (304284)

        It has some uses (see other replies), and it's OK if you have strong regulation of the service providers.

        The UK has such strong regulation of this area precisely because of abuse of the capability in the past; there was a spate of premium charges for various tricky things a number of years back (in the '90s IIRC) and so action was taken to stop fraudsters from getting the money. The core of the regulation is a mandatory delay (minimum 1 month?) between when the charge appears on the customer's bill and when the money reaches the owner of the premium service, which gives time for abuse to show up and be stomped

    • by thegarbz (1787294)

      The issue is that this is an old service which well predates micro-payments. As such it has quite a large install base, just not anything useful you use on a day to day basis. I remember travelling through Europe for several months and it was a basic transaction form there. The best use was paying for public transport when you're already on the public transport. No need to queue at a machine and buy a ticket, just hope on the train and send a SMS. Paying for parking, and buying permits for some places we vi

  • by Nesa2 (1142511)
    New wave of pictures, including unsuspecting smart phone user's private parts, flooding internet in 3,2,1..
  • malware WITHOUT users knowing - is it possible at all?
  • Don't install apps that require internet access or permission to make phone calls or send texts.

    Sadly this user abuse by apps is a form of idiot tax on users who don't or won't understand how to manage their own safety.

    • by Karlt1 (231423)

      "Don't install apps that require internet access"

      And in that case most of my apps are completely useless.

      "or permission to make phone calls or send texts."

      You do notice that this is a problem with only Android?

      "on users who don't or won't understand how to manage their own safety."

      Why should I have to "manage my safety" on a cell phone?

      Wouldn't it be better if third party apps just generally weren't allowed to send SMS messages and make phone calls?

      • You're right, almost all apps require internet access but not letting apps make phone calls or send texts is just the walled garden approach.

        Wouldn't it be better if third party apps just generally weren't allowed to send SMS messages and make phone calls?

        No. That would mean no alternative texting apps, or special dialers like T9 stuff. Additionally, the "Send SMS" permission is one of the most strongly worded by Google (one they actually explained well). It's even under the category of "Services that cost you money"

        Anyways, personally I don't think it's fair to blame the OS for what is clearly a rip-off by the carri

  • by Anonymous Coward on Monday September 10, 2012 @07:15AM (#41286239)

    I'm working as a programmer since nearly 20 years and I just love technology. I use Linux as a desktop since the early days of Slackware, back when it took quite a leap of faith.

    My cellphone? An iPhone... With a prepaid SIM card!

    That way I'm sure that: a) I'll spend way less than any "plan" (master plan one could say ; ) any operator could come up with and b) no malware / premium SMS service / crazy app/site eating my 3G bandwith can never "eat" more than the data limit available on my prepaid card.

    • by tlhIngan (30335)

      My cellphone? An iPhone... With a prepaid SIM card!

      That way I'm sure that: a) I'll spend way less than any "plan" (master plan one could say ; ) any operator could come up with and b) no malware / premium SMS service / crazy app/site eating my 3G bandwith can never "eat" more than the data limit available on my prepaid card.

      Technically, malware like that on iPhone won't get very far because of Apple restrictions.

      First, an app can only send an SMS surreptitiously if it uses its own SMS network (kinda defeats

  • For a moment there I thought my mom was running a Russian Bride ring and trying to sell me one.... It's probably just malware...at least thats what I tell myself anyway.
  • by Dean Edmonds (189342) on Monday September 10, 2012 @10:47AM (#41287617)

    The report says that devices in Japan have a 0.04% chance of being infected. If China and Russia are "10,000 times more likely" to be infected then that would give them infection rates of 400%, which seems unlikely.

    In fact the report states that the rate for Russia is 41.6% making it "only" about 1,000 times more likely than Japan.

"You know, we've won awards for this crap." -- David Letterman

Working...