Smartphone security follies: A brief history

The dangers were hammered home last week when the Android Police blog revealed that a vulnerability in the Skype Android application could allow hackers to swipe users' email addresses, contact lists and chat logs.

As smartphones have grown more powerful and complex, so have the threats against them.

This has become especially true as smartphones have evolved from tightly controlled enterprise-centric devices such as Research in Motion's BlackBerry series to consumer-oriented devices such as Android that run on open-source operating systems. These dangers were further hammered home last week when the Android Police blog revealed that a vulnerability in the Skype Android application could allow hackers to swipe users' email addresses, contact lists and chat logs.

LATEST THREAT: Skype for Android leaks user data

With this in mind, we thought it would be a good time to go over some of the highest-profile smartphone security follies of the past few years, whether they came in the form of application vulnerabilities or applications embedded with malicious code. As we go through the years, you'll see that threats to mobile devices have not only become more prevalent but also more complicated.

August 2006: Researcher creates first-ever BlackBerry Trojan

RIM made its name by developing well-engineered mobile devices that could securely deliver corporate email by routing it through the company's own network operations center. In 2006, however, security researcher Jesse D'Aguanno began poking holes in RIM's Teflon by creating the world's first piece of Trojan malware for BlackBerry devices. Demonstrating his creation at the Defcon hacker conference, D'Aguanno showed how he embedded the malware into a harmless-looking tic-tac-toe game download. Once the game was downloaded onto the device, the malware worked with a separate piece of code, called BBProxy, to launch attacks on enterprise networks.

D'Aguanno said he created the Trojan to serve as a heads-up to both RIM and BlackBerry users that they should be more alert to the potential dangers that lurk for mobile devices. Over the past five years, events have proven D'Aguanno's concerns to be accurate.

January 2009: RIM patches PDF vulnerability

Seeing how important PDF files are in the corporate world, RIM would have been negligent if it didn't incorporate them into its BlackBerry devices. Even so, the successful integration of PDFs into RIM devices and its BlackBerry Enterprise Server wasn't headache-free.

In 2009 RIM announced that "multiple security vulnerabilities" existed in some versions of the enterprise servers' PDF distiller that were released as part of its BlackBerry Attachment Service. The vulnerabilities could allow hackers to send users emails containing a "specifically crafted PDF file" that could cause memory corruption and "possibly lead to arbitrary code execution" of the computer hosting the attachment service.

November 2009: iPhone users get Rick Rolled

Stealing peoples' personal information is one thing -- but what sort of monster subjects unsuspecting iPhone users to the horrors of Rick Astley?

That's precisely what happened in late 2009, when the first-ever iPhone worm began forcibly changing users' iPhone wallpaper to a picture of much-loathed '80s singer Rick Astley. The worm was mostly a harmless prank written by an unemployed Australian programmer, but it was a sign of more sophisticated and dangerous iPhone worms to come.

November 2009: iPhone worm goes after banking codes

It only took two weeks for a copycat hacker to use the formula revealed by the "Rick Roll" worm to create a more malicious piece of code to build a botnet used for stealing data such as online banking credentials. The worm was apparently created by Dutch hackers and used a command-and-control strategy that is frequently used in PC-based botnets to steal data from infected devices. The worm only struck jailbroken iPhones, however, so the majority of iPhone users were not at risk.

Tags consumer electronicsskypesecurityNetworkingPhonessmartphoneswirelessSkype Android leakanti-malware

More about BlackBerryGoogleLANMotionRIMSkypeSophos

Comments

Comments are now closed

State Department computer crash slows visa, passport applications worldwide

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]