Linked by Thom Holwerda on Wed 30th Nov 2016 19:26 UTC
Android

Ghost Push has continued to evolve since we began to track it. As we explained in last year's Android Security report, in 2015 alone, we found more than 40,000 apps associated with Ghost Push. Our actions have continued at this increasingly large scale: our systems now detect and prevent installation of over 150,000 variants of Ghost Push.

Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we've worked closely with Check Point, a cyber security company, to investigate and protect users from one of these variants. Nicknamed 'Gooligan', this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. This morning, Check Point detailed those findings on their blog.

As always, we take these investigations very seriously and we wanted to share details about our findings and the actions we've taken so far.

An interesting post by Adrian Ludwig, Android's security chief, on a site called "Google Plus".

Order by: Score:
Comment by smashIt
by smashIt on Wed 30th Nov 2016 19:36 UTC
smashIt
Member since:
2005-07-06

The fight against Ghost Push...


...was lost as soon as they relied on device-manufacturers for os-updates


btw: I am typing this on a tablet that saw its last update when heartbleed was a thing...

Reply Score: 6

RE: Comment by smashIt
by darknexus on Wed 30th Nov 2016 20:14 UTC in reply to "Comment by smashIt"
darknexus Member since:
2008-07-15

"The fight against Ghost Push...


...was lost as soon as they relied on device-manufacturers for os-updates
"
Bingo. Funny how they won't admit where the real problem is.

Reply Score: 4

RE: Comment by smashIt
by Alfman on Wed 30th Nov 2016 21:46 UTC in reply to "Comment by smashIt"
Alfman Member since:
2011-01-28

smashIt,

...was lost as soon as they relied on device-manufacturers for os-updates


My wife is looking for a new tablet, and she was focusing on some android 4.4 devices because they are < $100, but I convinced her to rule out old versions of android for this very reason. It's not that she needs more/newer features, but I know that none of the older versions are ever going to be updated and are likely exploitable with known vulnerabilities right out of the box.

The new versions are likely going to end up in the same outcome, however at least we're starting with something recent.


btw: I am typing this on a tablet that saw its last update when heartbleed was a thing...


Yep, updates will remain a problem because manufactures don't want to deliver updates themselves and they don't want to provide the FOSS community with what we needs to build our own independent updates. We can't reuse the proprietary drivers because there's no ABI to make those bits portable to new kernels. We're stuck.

Reply Score: 2