Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Viruses & Malware
See data differently
Average Rating:
Rate this article:  
Is Fake iMessage App Malware or Not?
Is Fake iMessage App Malware or Not?

By Jennifer LeClaire
September 24, 2013 1:32PM

Bookmark and Share
Although there are a growing number of Android malware headlines in tech news lately, it's not clear if the iMessage Chat app for Android, which lets Android users chat with Apple iOS users, directly fits the bill, said Ken Pickering, director of engineering at CORE Security.
 


For all the talk about hackers cracking Apple's Touch ID security, there's another Apple-related threat that should be on the smartphone world's radar screen. But this one comes with a twist.

And here's the twist: It's not Apple users who are at risk. It's Android users who think they are looking at an Apple app.

The app is called iMessage Chat and it's available for free from the Google Play Store. The app lets Android users chat with iOS users, much like BBM (BlackBerry Messenger) lets BlackBerry users chat with other platforms. But it reportedly reads your messages, installs malware on your device, and even steals your Apple passwords.

Accessing the Secret Sauce

Jay Freeman, an application developer best known for creating the Cydia app store for jailbroken iPhones, is sounding the alarm. He explained the way it works: The client directly connects to Apple, but the data is all processed on the developer's server in China.

"This not only means that Apple can't just block them by IP address, but also that they get to keep the 'secret sauce' on their servers (and potentially just run Apple code: there are some parts of the process in Apple's client code that is highly obfuscated)," he wrote on a Google+ post.

Freeman explained that every packet from Apple is forwarded to 222.77.191.206, which then sends back exactly what data to send to Apple, along with extra packets that he presumes tell the client what's happening so it can update its user interface. Likewise, he said, if the client wants to send a message, it first talks to the third-party server, which returns what needs to be sent to Apple. The data is re-encrypted as part of this process, he continued, but its size is deterministically unaffected.

"Clearly, this is suboptimal from a security perspective. Is this the kind of thing that Google gets involved in?" he asked. "The developer is even responding to reviews about login issues asking only for user's Apple IDs, which makes it sound like even the authentication must be under his direct control (where it can be logged and debugged given only the username). Arguably, though, the app does do what it claims to do ;P."

Is It Really Malware?

Ken Pickering, director of engineering at CORE Security, pointed to the growing number of Android malware headlines in tech news lately. But he told us he's not sure if this application directly fits the bill.

"It's hard to know if it's a bad application or a phishing attempt. They're not informing users that their credentials and messages are likely stored on developer servers and it doesn't seem to do what it claims -- according to the Verge's test -- that could be because Apple has blocked its servers, or it may be a ham-handed attempt to farm credentials," Pickering said.

"But, the general rule of thumb for all mobile app installers: review the security information Android gives you when you install an app, and be careful about entering any external credentials into any third-party application unless you trust them completely," he added.
 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Viruses & Malware
1.   Big DDoS Attacks Hit Record in 2014
2.   Google Hacker Team to Hunt Bugs
3.   Russian Hacker's Charges Revealed
4.   Hackers Target Western Energy Firms
5.   Android SMS Worm on the Loose


advertisement
Android SMS Worm on the Loose
Malware lets bad actors cash in.
Average Rating:
Big DDoS Attacks Hit Record in 2014
Attackers often use NTP reflection.
Average Rating:
Hackers Target Western Energy Firms
Appears to be state-sponsored group.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.