infosec-news January 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Soundminer Android Malware Listens, Then Ste

[ISN] Soundminer Android Malware Listens, Then Steals, Phone Data

From: InfoSec News <alerts_at_nospam>
Date: Fri Jan 21 2011 - 11:18:02 GMT

By Jeremy Kirk
IDG News Service
January 20, 2011

Researchers have developed a low-profile Trojan horse program for
Google's Android mobile OS that steals data in a way that is unlikely to
be detected by either a user or antivirus software.

The malware, called Soundminer, monitors phone calls and records when a
person, for example, says their credit card number or enters one on the
phone's keypad, according to the study.

Using various analysis techniques, Soundminer trims the extraneous
recorded information down to the most essential, such as the credit card
number itself, and sends just that small bit of information back to the
attacker over the network, the researchers said.

The study was done by Roman Schlegel of City University of Hong Kong and
Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang
of Indiana University in Bloomington, Indiana.

"We implemented Soundminer on an Android phone and evaluated our
technique using realistic phone conversation data," they wrote. "Our
study shows that an individual's credit card number can be reliably
identified and stealthily disclosed. Therefore, the threat of such an
attack is real."


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.