Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Viruses & Malware
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Is Fake iMessage App Malware or Not?

Is Fake iMessage App Malware or Not?
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Although there are a growing number of Android malware headlines in tech news lately, it's not clear if the iMessage Chat app for Android, which lets Android users chat with Apple iOS users, directly fits the bill, said Ken Pickering, director of engineering at CORE Security.
 


For all the talk about hackers cracking Apple's Touch ID security, there's another Apple-related threat that should be on the smartphone world's radar screen. But this one comes with a twist.

And here's the twist: It's not Apple users who are at risk. It's Android users who think they are looking at an Apple app.

The app is called iMessage Chat and it's available for free from the Google Play Store. The app lets Android users chat with iOS users, much like BBM (BlackBerry Messenger) lets BlackBerry users chat with other platforms. But it reportedly reads your messages, installs malware on your device, and even steals your Apple passwords.

Accessing the Secret Sauce

Jay Freeman, an application developer best known for creating the Cydia app store for jailbroken iPhones, is sounding the alarm. He explained the way it works: The client directly connects to Apple, but the data is all processed on the developer's server in China.

"This not only means that Apple can't just block them by IP address, but also that they get to keep the 'secret sauce' on their servers (and potentially just run Apple code: there are some parts of the process in Apple's client code that is highly obfuscated)," he wrote on a Google+ post.

Freeman explained that every packet from Apple is forwarded to 222.77.191.206, which then sends back exactly what data to send to Apple, along with extra packets that he presumes tell the client what's happening so it can update its user interface. Likewise, he said, if the client wants to send a message, it first talks to the third-party server, which returns what needs to be sent to Apple. The data is re-encrypted as part of this process, he continued, but its size is deterministically unaffected.

"Clearly, this is suboptimal from a security perspective. Is this the kind of thing that Google gets involved in?" he asked. "The developer is even responding to reviews about login issues asking only for user's Apple IDs, which makes it sound like even the authentication must be under his direct control (where it can be logged and debugged given only the username). Arguably, though, the app does do what it claims to do ;P."

Is It Really Malware?

Ken Pickering, director of engineering at CORE Security, pointed to the growing number of Android malware headlines in tech news lately. But he told us he's not sure if this application directly fits the bill.

"It's hard to know if it's a bad application or a phishing attempt. They're not informing users that their credentials and messages are likely stored on developer servers and it doesn't seem to do what it claims -- according to the Verge's test -- that could be because Apple has blocked its servers, or it may be a ham-handed attempt to farm credentials," Pickering said.

"But, the general rule of thumb for all mobile app installers: review the security information Android gives you when you install an app, and be careful about entering any external credentials into any third-party application unless you trust them completely," he added.
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Viruses & Malware
1.   9 Norton Security Products Are Now 1
2.   Data Stolen from U.S. Health Network
3.   Beware Facebook Color Scam
4.   Kaspersky Looks Inside 'Epic' Attack
5.   BadUSB Turns Thumb Drives Evil


advertisement
Android 'Fake ID' Puts Millions at Risk
Users: stick to apps from Google Play.
Average Rating:
Data Stolen from U.S. Health Network
Chinese hackers targeted hospital firm.
Average Rating:
9 Norton Security Products Are Now 1
Symantec takes software-as-service tack.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Cost of Target Data Breach: $148 Million
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 

Enterprise Hardware Spotlight
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 

Mobile Technology Spotlight
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.