Majority of Mobile Malware Now Reliant On Toll Fraud 39
CowboyRobot writes "Spyware is no longer the primary concern with unwanted software on mobile devices. According to mobile security firm Lookout, most mobile malware performs 'toll fraud' — billing victims using premium SMS services. The problem is very geographically-dependent, worst in areas with weak SMS regulation, particularly China, Ukraine, and Russia, where users are 10,000 times more likely to have malware on their phones than users in Japan, for example. Other risks include mobile ads surreptitiously uploading personal data, as well as apps that download other malware without users knowing. The full report is available."
Re:Slashdot rss feed broken (Score:4, Funny)
stuck at "It's Easy To Steal Identities (Of Corporations)"
try lifting the lid and blowing on it, then jiggle the cable... and if that doesn't work, give it a few good knocks on the side
But... (Score:5, Funny)
But... But... You cant have regulations, you have to let the Free Market....
Thank god i live in a socialist hellhole where when this crap started to spring up it got massively stomped on by regulating the crap out of it.
Re:But... (Score:4, Interesting)
Looking at Europe, policies indeed seem to influence matters significantly: https://www.mylookout.com/_gfx/page-images/state-mobile-security/likelihood-heat-map.jpg [mylookout.com]
I'm not sure whether France and Norway are particularly lax in their SMS regulation, but it could be.
Re:But... (Score:5, Funny)
But.l. but... look at the infection rate in Somalia!
As usual, the free market wins. I'm moving there tomorrow.
Re: (Score:3, Insightful)
Dumb yank. Socialist != communist.
Re: (Score:2, Informative)
The Netherlands is in comparison pretty socialist, and it has a below average infection of malware, and you can smoke pot legally, and it has an above average IQ of 102!
(source for last statement: http://www.sq.4mg.com/NationIQ.htm [4mg.com] )
Woo!
Why do we even need a system for premium rate SMS? (Score:5, Insightful)
Seriously, why do we even need a system which lets people charge arbitrary ammounts via SMS? It's insecure, ripe for abuse and open to fraud. I don't think I have ever seen it used for a beneficial purpose, except perhaps for charity donations which could just as easily be done via another system.
So, why not just shut the thing down? Or, heck just limit it to registered charities; it's not like anyone else uses it but those who prey on the weak (rip off custom ringtone companies, horoscope peddlers and malware)
Re: (Score:1)
Well telco's make money off it, so if you want it shut down you'll have to lobby against them.
Re: (Score:3, Insightful)
Re: (Score:2)
Re:Why do we even need a system for premium rate S (Score:4, Interesting)
you would think this is a reasonable request. My wife had a twenty dollar charge on a tmobile account, and they said that she had used "premium" network services. She had to pay that time, and went through every formal protest that she could just to record that it wasnt her and we would not pay twice. All of the texting plans outside of pure data ( g-chat, g-voice, email , etc) had already been disabled. 2 months later it happened again.We had to fight tooth and nail to get them to remove the charge, and then they ended up forgetting the promise to undo the charge and said it was our responsibility to have the charges removed by the vendor... completely ignoring the fact that as no service was purchased, there was no vendor to speak with. They also tried to say that anyone with the phone's email address could place charges to the number , and the tmobile would just pass through the charges. We knew this was obvious bullshit, and got the guy to bac down on that one. Hours later they finally realised that this is their issue, and that they were about to lose customers, so they gave the cash back " within 90 days".
Re: (Score:3)
It's just a way of stealing lots of money from very many people. The telcos get a cut, so their bosses don't care.
If you stole even 20 bucks from someone, they call the cops on you and you'd be in trouble, but the Telcos and their partners get away with stealing from thousands and thousands of people.
Re: (Score:2)
well... they backed out on the promise once, and failed to fix the issue to prevent it again. Now they have promised to reduce a bill in 60-90 days. So, as of yet, they are just pushing us around hoping we give up. I will only say they gave it back when we see it.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2, Informative)
Actually I use it for quite a few things.
-) Paying parking fees. You just send a text with the amount if time you want to book and you can extend it without going to your car too. Getting the parking fee coupons on paper is a major PITA, you can only buy them in
-) Paying for the washing mashine at my student dorm.
You can also:
-) Buy tickets for public transport.
So it is quite usefull and I have not heard of any abuse using malware in my country. It only works for national numbers and therefore any fraud cou
Re:Why do we even need a system for premium rate S (Score:4, Interesting)
It has some uses (see other replies), and it's OK if you have strong regulation of the service providers.
Example here [phonepayplus.org.uk], which was news here last week:
A malware attack targeted at 18 countries that cost unsuspecting users £15 every time they tried to open a ‘free’ app has been cut off by PhonepayPlus, the UK’s premium rate telephone services regulator. Sanctions imposed by the regulator’s Tribunal will see all money returned to UK consumers on top of a £50,000 fine imposed on the provider of the premium rate shortcodes that enabled the apps to fraudulently charge smartphone users.
none of this £27,850 of UK consumers’ money reached the fraudsters.
(The apps were "free" versions of popular apps, downloaded from alternative app stores -- not the Google one -- or websites.)
Re: (Score:2)
It has some uses (see other replies), and it's OK if you have strong regulation of the service providers.
The UK has such strong regulation of this area precisely because of abuse of the capability in the past; there was a spate of premium charges for various tricky things a number of years back (in the '90s IIRC) and so action was taken to stop fraudsters from getting the money. The core of the regulation is a mandatory delay (minimum 1 month?) between when the charge appears on the customer's bill and when the money reaches the owner of the premium service, which gives time for abuse to show up and be stomped
Re: (Score:2)
The issue is that this is an old service which well predates micro-payments. As such it has quite a large install base, just not anything useful you use on a day to day basis. I remember travelling through Europe for several months and it was a basic transaction form there. The best use was paying for public transport when you're already on the public transport. No need to queue at a machine and buy a ticket, just hope on the train and send a SMS. Paying for parking, and buying permits for some places we vi
photos (Score:1)
malware WITHOUT users knowing (Score:1)
Simples - don't! (Score:2)
Don't install apps that require internet access or permission to make phone calls or send texts.
Sadly this user abuse by apps is a form of idiot tax on users who don't or won't understand how to manage their own safety.
Re: (Score:1)
"Don't install apps that require internet access"
And in that case most of my apps are completely useless.
"or permission to make phone calls or send texts."
You do notice that this is a problem with only Android?
"on users who don't or won't understand how to manage their own safety."
Why should I have to "manage my safety" on a cell phone?
Wouldn't it be better if third party apps just generally weren't allowed to send SMS messages and make phone calls?
Re: (Score:2)
You're right, almost all apps require internet access but not letting apps make phone calls or send texts is just the walled garden approach.
Wouldn't it be better if third party apps just generally weren't allowed to send SMS messages and make phone calls?
No. That would mean no alternative texting apps, or special dialers like T9 stuff. Additionally, the "Send SMS" permission is one of the most strongly worded by Google (one they actually explained well). It's even under the category of "Services that cost you money"
Anyways, personally I don't think it's fair to blame the OS for what is clearly a rip-off by the carri
Only prepaid SIM cards for me... (Score:5, Interesting)
I'm working as a programmer since nearly 20 years and I just love technology. I use Linux as a desktop since the early days of Slackware, back when it took quite a leap of faith.
My cellphone? An iPhone... With a prepaid SIM card!
That way I'm sure that: a) I'll spend way less than any "plan" (master plan one could say ; ) any operator could come up with and b) no malware / premium SMS service / crazy app/site eating my 3G bandwith can never "eat" more than the data limit available on my prepaid card.
Re: (Score:2)
Technically, malware like that on iPhone won't get very far because of Apple restrictions.
First, an app can only send an SMS surreptitiously if it uses its own SMS network (kinda defeats
Thats a relief! (Score:2)
Off by a factor of 10. (Score:3)
The report says that devices in Japan have a 0.04% chance of being infected. If China and Russia are "10,000 times more likely" to be infected then that would give them infection rates of 400%, which seems unlikely.
In fact the report states that the rate for Russia is 41.6% making it "only" about 1,000 times more likely than Japan.