Why Smartphone Botnets ?

Why phones? Why are hackers building bots targeting mobile phones? The answer is simple, the Smartphone market is huge with nearly 60 million phones sold in Q2 of 2010 alone. Easy development, the bots should be trivial for hackers to build with the top three Smartphone platforms being similar to the top three computer operating systems, Linux (Android), OSX (iPhone), Windows 7 Phone (Windows). More toys to play with, once the phone is compromised hackers will have access to a GSM modem, digital video camera, your email account and the ability to proxy calls and send text messages from your phone without you knowing.

Poor Smartphone Security

Your Smartphone is always on, it’s always connected to the Internet and it has no firewall. Targeting mobile devices for bots is like going back in time 10 years and looking at how PC’s were connected to the Internet, directly connected with a modem without a firewall of any kind, it really is a no brainier why hackers are moving into this realm.

How will I know if my Android is Owned ?

You wont the bot runs at the base OS level, they can use your GSM modem, access your files, email accounts, contacts, send spam mail and even send texts to help spread the bot further. If a friend of yours who you trust sent you an SMS text saying “Hey Mate,  check out this awesome app it downloads 100 hot girl pics to your phone everyday! It’s banned from the Market Place get it here http://blaaaahhh.com” chances are your going to trust your friend and click the link. The bot will then infect your phone and send out SMS messages to your contact list and grow the Botnet, kind of like the Borg on Star-Trek.

Georgia Weidman  created a Botnet for Android and has created a public release here on her blog GRM n00bs and you can grab her presentation here.

Here is a video of Georgia doing a talk at Shmoocon about her Smartphone Botnet, how it works and what it’s capable of.

Apple have managed to stay clean on the Malware front by checking all Apps that go on sale in the App Store. Android seemingly do less or no security checks with Malware showing up in the Market Place more than once. Malicious users can always trick users into installing from a 3rd party location in the same way people have been tricked into install Malware on computers for years “Install this app now, get it before it goes live in the Market Place” or the classic “Your Android phone is infected with Malware click here to install Android Anti-Malware!”.

Apple’s App Store provides a shield against Malware for iPhone users, however iOS users should not get complacent as the JailBreakMe exploit proved even iOS can be exploited remotely from simply visiting a website.

How long will it be before we see MalwareBytes for the Android…