It has been reported that a newly uncovered form of Android malware called RedDrop has the ability to steal critical information from infected devices. The research was conducted by security company Wandera, which stated that RedDrop was able to harvest full audio recordings of phone calls and also had the capability of secretly sending SMS messages to a premium rate service, increasing the users phone bill. IT security experts commented below.
Craig Young, Computer Security Researcher at Tripwire:
Android users do not need to do anything more than normal to guard against this threat. Default settings on all supported releases of Android should be pretty well protected against by installing only from trusted sources and leaving Google Play Protect enabled. It is also of course important to be mindful about what permissions are requested by apps. With Android 6 (released 2015), apps will request permissions at runtime which should make it abundantly obvious when a malicious app wants to do something like sending SMS or recording audio. Users of older Android releases must rely instead on reviewing the requested permissions at install time to confirm that they are appropriate for the app.”
Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:
Pegasus was an espionage campaign by the Israel-based NSO Group. capable of keylogging, screenshot capture, live audio and video capture, and data exfiltration from common social media applications.
Android phones are more likely to get malware than iPhones for two reasons. One, the Google Play app store is less strict at filtering malicious apps than the Apple App Store; and two, most Android phones are not up-to-date. According to Google’s developer dashboard, most Android users are on the 6.0 Marshmallow version – several versions behind, and less than one percent of users is running the newest 8.1 Oreo version.”
Mounir Hahad, Head of Tthreat Research at Juniper Networks:
The real question is when are enterprises that allow BYOD going to start paying attention to this threat vector? It has been mostly ignored so far under the assumption that the enterprise does not own the device and therefore cannot remediate it. But, BYOD devices are clearly posing a security risk if they can allow for spyware to run. Lateral movement in this case is just an executive with an infected device walking into a board meeting.”
Andrew Speakmaster, Founder and Chief Technology Officer at SiO4:
The greatest threat from this malware is the potential to infiltrate a corporate network where IT assets are compromised and data can be exfiltrated. Many organizations have a BYOD policy which would be an ideal method of attack to create a devastating breach.
Third-party apps should never be downloaded onto a device, only apps from trusted sources like the Google Play Store Apple App Store should be used.”
Anthony James, Chief Marketing Officer at CipherCloud:
Tools like RedDrop can enable the compromise of an entire corporate network, by clandestinely riding in camouflage within infected Android devices. This raises the imperative for enterprise and government to better understand how they will provide end-to-end data protection for cloud and on-premise based resources knowing that network penetration by an attacker becomes much more likely each and every day.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.