Two researchers at TippingPoint’s Digital Vaccine Group have succeeded in bringing approximately 8000 iPhone and Android users into a botnet experiment to demonstrate the distribution of malware.
Derek Brown and Daniel Tijerina discussed their experiment at the RSA Conference held in San Francisco last week. The main objective was to demonstrate how a weather application for smartphones behaves in a manner similar to traditional malware attacks, with the ability to steal information and allow remote control of the devices.
WeatherFist is the name of the app created by Derek and Daniel. Do you know this app? You might be one of those 8000 users. The app was not distributed through official channels (i.e. Apple’s App Store). Instead, they distributed the WeatherFist application via third-party app markets like Cydia, SlideME and Modmyi, meaning that it could only be installed on jailbroken iPhones or on Android devices where users had specifically given permission for non-approved applications to be run.
Basically, the app makes a request to obtain your GPS coordinates and sends them to a server, where they are converted into the corresponding Zip code. This data is then sent to WeatherUnderground.com, from which the app pulls the weather info for your area.
OK, nothing unusual so far. Sure, but Derek and Daniel said they have created a malicious version of the same app, called WeatherFistBadMonkey, that is able to gain control of remote devices and access sensitive information.
Oh snap, kid… this is crazy. Yeah, it is. Once again, this kind of attack can only affect jailbroken users. To protect yourself against malware, change your SSH password. See tutorial here…