[ISN] Soundminer Android Malware Listens, Then Steals, Phone Data

From: InfoSec News <alerts_at_private>
Date: Fri, 21 Jan 2011 05:18:02 -0600 (CST)

By Jeremy Kirk
IDG News Service
January 20, 2011 

Researchers have developed a low-profile Trojan horse program for 
Google's Android mobile OS that steals data in a way that is unlikely to 
be detected by either a user or antivirus software.

The malware, called Soundminer, monitors phone calls and records when a 
person, for example, says their credit card number or enters one on the 
phone's keypad, according to the study.

Using various analysis techniques, Soundminer trims the extraneous 
recorded information down to the most essential, such as the credit card 
number itself, and sends just that small bit of information back to the 
attacker over the network, the researchers said.

The study was done by Roman Schlegel of City University of Hong Kong and 
Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang 
of Indiana University in Bloomington, Indiana.

"We implemented Soundminer on an Android phone and evaluated our 
technique using realistic phone conversation data," they wrote. "Our 
study shows that an individual's credit card number can be reliably 
identified and stealthily disclosed. Therefore, the threat of such an 
attack is real."


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Fri Jan 21 2011 - 03:18:02 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 21 2011 - 03:24:22 PST