ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Researchers build 8,000-strong smartphone botnet

By | March 8, 2010, 1:39pm PST

Summary: Security researchers used the lure of an innocuous weather application to commandeer about 8,000 iPhones and Android devices in a mobile botnet.

Looking to raise awareness about the security implications of third-party apps in smartphones, a pair of security researchers used the lure of an innocuous weather application to commandeer about 8,000 iPhones and Android devices in a mobile botnet.

The research project, first discussed by Dark Reading’s Kelly Jackson Higgins, was unveiled at this year’s RSA conference to show how harmless-looking smartphone apps can harvest sensitive user information, including GPS coordinates and phone numbers.

The project is the brainchild of Derek Brown and Daniel Tijerina of with TippingPoint’s Digital Vaccine Group.  According to the report, the experimental app links to the Weather Underground Website and provides local and other weather forecast information to its users.

follow Ryan Naraine on twitter

It was created and submitted it to app clearinghouses that offer apps for Androids and jailbroken iPhones.

It should be made clear that only jailbroken iPhones were caught in the proof-of-concept botnet.  The researchers said they avoided Apple’s iPhone app store because of Apple’s strict security process, which includes code signing.

From the Dark Reading article:

Within an hour of the app being set up on the SlideME and ModMyI app sites, the researchers had 126 downloads, and 702 after eight hours. “After 24 hours, we had 1,862,” Tijerina says. And as of yesterday, the count was 7,800 iPhones and Androids running the app. “This was really surprising because if this was malicious code, that’s a lot of bots we would control,” he adds.

To prove the dangers of the mobile botnet, the report said the pair also wrote a malicious version of the weather app that runs bot code and can grab contact information, cookies, and physical addresses, and can send spam runs.

The researchers say they have no plans to release the malicious application.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Apple iPhone, Researcher, Smart Phone, App, Smart Phones, Cellular Phones, Handhelds, Consumer Electronics, Personal Technology, Hardware, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

92
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Researchers build 8,000-strong smartphone botnet
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
View in thread
0 Votes
+ -
Raising Awareness: Time to make a switch to an alternate O/S
blablablablah 8th Mar 2010
Folks,

If you have just about had it with the BS Bots, viruses, trojans, BSoD/rootkits du jour, then maybe it's time consider making a switch to the safest operating system on the planet?:

Ubuntu 9.10 Linux

Dietrich T. Schmitz
GNU/Linux Advocate
0 Votes
+ -
Re: Time to Switch
wizard57m@... 8th Mar 2010
Guess you failed to read the article...
the app was targeting iPhone and Android!
AFAIK, Ubuntu will not run on Droid or
iPhones????

Epic fail...NEXT!
0 Votes
+ -
Uh oh, looks like you'd better contact Engadget, to point out their error.
AzuMao 8th Mar 2010
They say it will.
0 Votes
+ -
I stand corrected...
wizard57m@... 8th Mar 2010
AzuMao...tip of the hat! However...
That was Ubuntu 7 right? Has it gone
anywhere since 2007? I've never seen
one, though granted I don't shop for
smartphones that much.
C U L8R! {;-)
0 Votes
+ -
^^ The above is spam
Loverock Davidson 8th Mar 2010
Lets hope it gets deleted for false advertising.
0 Votes
+ -
Hilarious, coming from you.
AzuMao 8th Mar 2010
0 Votes
+ -
Indeed
computer_freak_8 8th Mar 2010
I was thinking the same thing; I'm an Ubuntu fan, sure, but I don't go around making ridiculously false claims about it (at the first post did).

Nor, however, do I go around routinely arguing with people that obviously have a clue (as the post before yours did).

I will, however, comment on something I like, at least from time to time (at I am doing now).
0 Votes
+ -
Huh?
AzuMao 8th Mar 2010
Ubuntu is far from the most secure distro.
In fact I'd go so far as to say Linux isn't even
the most secure kernel; that title belongs to a
*BSD or *Solaris.

Also, you don't need to switch to anything, just
don't illegally hack the OS of your smartphone to
disable the built-in protection that ships with it
by default to prevent piracy.
0 Votes
+ -
Ding, ding, ding, shill alert!
wolf_z 9th Mar 2010
He's an Apple employee boys, bet he's even got a picture of Steve Jobs tacked up inside o' his garage...

(2 points to the first person that recognizes the reference...)
0 Votes
+ -
I ain't even got a garage
ggunsch 9th Mar 2010
Uneasy Rider - Charlie Daniels Band

"And I ain't even got a garage, you can call home and ask my wife."
0 Votes
+ -
No, I'm just someone who RTFAs before commenting.
AzuMao 9th Mar 2010
The user isn't even able to install this trojan unless he first replaces key parts of the operating system on the iPhone with illegal versions that disable the built-in security systems.

Don't get me wrong, I still think Apple stuff is overpriced.
0 Votes
+ -
Reference: Straw Man...
vulpine@... 9th Mar 2010
As in what kind of attack this is, Wolf_Zealot. But then, most everybody
already knows this.
0 Votes
+ -
..
TheLightcosine 9th Mar 2010
Azumao, out of the ones that are still commonly
used today. i would point you to some of the
deprecated systems such as VMS though if you wanna
get really serious about that discussion =)

What does any of this have to do with iPhone
botnets though?
0 Votes
+ -
Not much.
AzuMao 9th Mar 2010
I was replying to D. T. Schmitz's post, not Ryan Naraine's story.


He said Ubuntu 9.10 was the most secure OS, and that the iPhone needed switched to an alternative OS to not be affected by this. Both of which are wrong.
0 Votes
+ -
I don't see no Ubuntu running on no smart-phones.
Bruizer 8th Mar 2010
Stupidest post of the year so far.
0 Votes
+ -
Really?
AzuMao 8th Mar 2010
Then what's this?
0 Votes
+ -
Looks to me
Cylon Centurion 8th Mar 2010
Like an abandoned project
0 Votes
+ -
Looks like a tablet based OS.
Bruizer 8th Mar 2010
and not a phone (Note: I said smartphone) system.

I guess: "I [still] don't see no Ubuntu running on no smart-
phones."
0 Votes
+ -
Wow D
Cylon Centurion 8th Mar 2010
This article was about smartphones. Sheesh. Ed is right when he calls you out for not reading the article before hand.
0 Votes
+ -
On my screen it's Loverock calling him out.
AzuMao Updated - 8th Mar 2010
Surely they're not the same person?

I mean I know they both like Windows but they're personalities seem quite different.


p.s. Also, the calling out was invalid.
0 Votes
+ -
Actually...
wizard57m@... 8th Mar 2010
it was me that called DT out! I'm not "Ed"
either...is that referring to Ed Bott?
Plus, it looks like your wiki link to Ubuntu
for mobiles references a now abandoned project.
The MID is left for historical purposes only.
Question...other than Android, what other
Linux systems are currently in use on smartphones? I don't know...anybody?
Guess I might go search that up.
C U L8R!
Wiz {;-)
0 Votes
+ -
Yes
Cylon Centurion 8th Mar 2010
Ed Bott. And the link is broken for me as well.

Android is the only Linux system I have seen run on smartphones.
0 Votes
+ -
When you change the requirement from "new version of Ubuntu" to "any Linux-
AzuMao 8th Mar 2010
based OS", it gets a whole lot
easier.
0 Votes
+ -
Well maybe?....But
LazLong 9th Mar 2010
Actually there have been several...
Sprint WebOS comes to mind.
And LinMo(Moto etc) & Mameo(Nokia)... which have now together become MeeGo or something? And While Smartphones in the US only have become trendy because of the iPhone in '07, the Far East & Europe had started the trend earlier....

As far back as '04 Linux (in various forms) had 2nd place to Symbian on phones/smartphones with 14% (things have since changed) but even on some plain & semi-smart Moto phones (& others) had Linux like the Rokr, Razor etc.

Can't find the report I was thinking of but will continue to look.
But here is one list of Linux Phones.....

http://www.linuxfordevices.com/c/a/Linux-For-Devices-Articles/Linux-Mobile-Phones/

Android is the only one that seems to get press/marketing so it is understandable
0 Votes
+ -
No
Cylon Centurion Updated - 8th Mar 2010
I am not Loverock.

But my point still stands. He simply didn't read the article, his reply doesn't make sense. It's unsolicited spam (Not unlike the "Wholesale" spammers here) pure and simple.
0 Votes
+ -
Calling out still valid
Michael Alan Goff 9th Mar 2010
Install 9.10 on your smartphone. DO IT NOW.
0 Votes
+ -
Gentoo
hill60 8th Mar 2010
Roll your own don't rely on some kiddy distro,
0 Votes
+ -
Time to switch?
s.castle@... 9th Mar 2010
1) As noted elsewhere, the story is not about Windows, or any other desktop OS. It is about a botnet targeting the iPhone and Android.

2) Android is Linux based (IIRC), and iPhone OS is based on FreeBSD.

It's worth noting that ANY OS (including your beloved Ubuntu) is only as secure as the user allows it to be. If he or she should routinely log in as root (they shouldn't, but an inexperienced user might), and install a trojan, Linux is as easily compromised as Windows.
0 Votes
+ -
windoze mobile is spyware
Linux Geek 9th Mar 2010
a monoculture of windoze is harmfull.
hence everybody should support Linux and Android.
0 Votes
+ -
"windoze mobile is spyware ..."
Mr. Slate 12th Mar 2010
That accusation doesn't carry much weight coming from someone who's posts are trollware, especially like this one, not even close to being "on topic".
0 Votes
+ -
First time witnessing DID?
AzuMao Updated - 12th Mar 2010
Loverock "Windows is perfect!" Davidson/Linux "Linux is perfect!" Geek/Troll"OSX is perfect!"eur is fun to watch, no?
0 Votes
+ -
One thing to be said about you: You never gives up!! nt
windozefreak 9th Mar 2010
nt
0 Votes
+ -
Hey RETARD... RTFA..
Wolfie2K3 9th Mar 2010
You DO realize that the iPhone OS is some highly bastardized flavor of BSD Unix... Right?

And Android is yet another flavor of embedded LINUX. Right?

And both of these are getting PWNED to the left and to the right by these rogue apps. RIGHT?

So it seems to me that neither one is 100% secure. Now is it...?
0 Votes
+ -
RE: Researchers build 8,000-strong smartphone botnet
lovedong 13th Sep
KAKKOII Ne~~ Yamacchan with the dog how cute ~~~ ;_; replica watches
0 Votes
+ -
Is Windows Mobile vulnerable to this malware?
NonZealot 8th Mar 2010
No? Just the iPhone? Good. Looks like my phone is safer
then. happy
0 Votes
+ -
Try reading the article. NT
msalzberg 8th Mar 2010
NT
0 Votes
+ -
The iPhone isn't vulnerable either.
AzuMao 8th Mar 2010
Only phones with operating systems that have been illegally hacked by their user are.

The iPhone comes with an OS that won't let this malware install.
0 Votes
+ -
The article calls you a liar
NonZealot 8th Mar 2010
The iPhone isn't vulnerable either.

The article specifically states that the iPhone
was exploited by malware. You sir, are wrong when
you say the iPhone isn't vulnerable. It is very
vulnerable to botnet malware. Windows Mobile
phones, like mine, are immune to this. Must be
because they have better security. happy
0 Votes
+ -
NonZealot, learn to use pronouns correctly.
AzuMao 8th Mar 2010
"You" refers to the person being spoken to, not the speaker.

"Me" would have been the appropriate word to use in your title, since it refers to the speaker, not the person being spoken to.

If you read the article, you would know that only operating systems that have been illegally hacked by the user on purpose are affected.

If you buy an iPhone and try to install this trojan, it won't install.

You would have to first illegally hack the operating system to disable the security built in to it by default which renders it invulnerable to this kind of stuff.
0 Votes
+ -
8,000 hacked iPhones can't be wrong!!
NonZealot 9th Mar 2010
How many Windows Mobile phones in the botnet? 0.
WinMo = safe. iPhone = swiss cheese phone. happy
0 Votes
+ -
It didn't say 8,000 iPhones.
Bruizer 9th Mar 2010
Are you lying again NZ? I thought we broke you of blatant lies.

WinMo = forgotten. iPhone (as delivered) = safe, secure and powerful.
0 Votes
+ -
Zealot wrong as usual
RealNonZealot 9th Mar 2010
Ah, the irrational depths to which Zealot sink in his Windows
fanboism....

This is exactly why iPhones are superior (security-wise) to WinMo,
Android, etc, and why the whiners about the tightly controlled App
Store should just relax and enjoy the security.

Only illegally jailbroken iPhones can run this app: it would never
make it through Apple's security checks to the App Store. Of course, if
you want to root your own device and put a trojan on it, it's sure not
the device's or the mobile OS's fault.

Apple's secure and multi-tiered environment was designed to avoid
this kind of thing, which is one of the many reasons why its superior
to its competitors.
0 Votes
+ -
Nope, iPhones won't run this.
AzuMao 9th Mar 2010
If you illegally turn your iPhone into something else (by replacing the operating system) it's no longer an iPhone, sorry.

Just like if I installed Windows on a Macintosh, and it got hacked, it wouldn't be a flaw in OSX.
0 Votes
+ -
And, it would not be a flaw in windows either...
windozefreak 9th Mar 2010
It would be a flaw of the user for not protecting his/her assets.
0 Votes
+ -
@windozefreak Exactly.
AzuMao 9th Mar 2010
The OS shipped in the iPhone won't let this trojan run.

The illegal hacked version will.

It is the fault of the user.. for using an insecure OS.
0 Votes
+ -
Anyone notice that NonZealot doesn't have good reading comprehension?
vulpine@... 9th Mar 2010
How many times do you have to be told that only jailbroken iPhone
and Android phones were affected? That 8,000 is NOT just
iPhones and the article specifically stated that non-jailbroken phones
were safe.

But then, we already know that you go out of your way to misread any
article that mentions Apple in a positive light.
0 Votes
+ -
Er.. WHERE did it say that in the article?
Wolfie2K3 9th Mar 2010
If you buy an iPhone and try to install this trojan, it won't install.

You would have to first illegally hack the operating system to disable the security built in to it by default which renders it invulnerable to this kind of stuff.

Did we read the SAME article? Seems to me that the article said that they did NOT submit it to the Apple iPhone store because they figured Apple might have found them out. Nowhere did it say they couldn't install the app on a non-jailbroken iPhone. It sounds like YOU probably could install it - if it were available on the iTunes store...
0 Votes
+ -
It's not.
AzuMao 9th Mar 2010
And won't be, because submitting a trojan to it would be illegal, and traceable. And quickly removed assuming it was added to begin with.

So, no, you can't install it on a legit iPhone.


I wonder if you'd care about a trojan that could only be installed on Windows if you first used an illegal crack to get around WGA that disabled security built into Windows (and of course the trojan itself also had to be installed by the user, on purpose, just like here)?

I don't think you'd call that a flaw in Windows.
0 Votes
+ -
Well
lelandhendrix@... 10th Mar 2010
Umm, that's exactly the point!!

You COULDN'T install this app unless you HACK your iPhone, because the
app would never be in the app store/iTunes.
0 Votes
+ -
The obvious statement is that you
Snooki_smoosh_smoosh Updated - 9th Mar 2010
cannot read. "It was created and submitted it to app clearinghouses that offer apps for Androids and jailbroken iPhones."

Funny all of the complaining about Apple not opening their platform to 3rd party stores has just strengthened the argument for the Apple App store.

Hmm, I wonder why this has not happened on the non-jailbroken iPhones? Oh that's right, because dev's have to submit their code for review.

Dang it NZ once again your wrong. Accept it.

WiMo is just as open as Android. Able to install from any source, it will soon sour as well. Enjoy.
0 Votes
+ -
RE: Researchers build 8,000-strong smartphone botnet
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix