FBI发布安卓安全警告
希望让产品进入iOS App Store的软件开发者们经常报怨苹果(Apple)在他们头上强加了各种条条框框,不过苹果这样做也是有原因的。除了要拿到30%的收入分成之外,还有一个原因,可以从上周五美国联邦调查局互联网犯罪举报中心(FBI’s Internet Crime Complaint Center)发布的警告中看出来。 警告开篇写道:“FBI互联网犯罪举报中心了解到,近期有大量恶意软件在攻击安卓(Android)系统的移动设备。最新为人所知的两个此类恶意软件叫做Loozfon和FinFisher。 •Loozfon是一个盗取信息的恶意软件。犯罪份子利用这个软件的各种伪装来欺骗受害者。其中一个伪装就是提供一个在家工作的机会,称用户只需在家里发发电子邮件,就能赚到不少钱。这种虚假广告一般都有一个链接,会自动转到一个恶意网站上,将Loozfon软件推送到用户的设备上。该恶意应用会从用户的电话簿里窃取联系信息,同时也会偷到受感染设备的电话号码。 •FinFisher是一个能控制移动设备的间谍软件。安装后,无论目标在何处,黑客都可以通过FinFisher对该移动设备进行远程监控和控制。FinFisher可以藏身在特定的网页链接里,也可以伪装成一条系统升级短信。只要用户点开它,它就会轻而易举地直入到智能手机里。 FBI给三星(Samsung)、摩托罗拉(Motorola)和HTC等运行谷歌(Google)安卓系统的智能手机机主提出了以下建议: •购买智能手机时,要了解这款设备的功能,包括默认设置。尽量关闭不必要的功能,将遭受攻击的可能性降到最小。 •根据手机的类型,有些操作系统可以进行加密。手机丢失或被盗时,加密程序可以保护机主的个人信息。 •移动应用日益增长,用户们在下载应用前应该看看开发者或开发公司的评测文章。 •下载应用的时候,先看看需要向这个应用开放哪些权限。 •密码可以保护移动设备,它也是保护移动设备中的内容的第一层实体堡垒。除了使用密码之外,还应开启自动锁屏功能,让手机待机几分钟后就自动锁屏。 •用恶意软件防护程序来保护移动设备。不少专门的防护软件都可以保设备免遭流氓程序和恶意软件的侵害。 •当心那些需要共享地理位置的应用,因为它们会追踪用户的地理位置。这种应用可能被用作营销之用,但也有可能用于违法活动,比如跟踪或盗窃。 |
Developers often complain about the hoops Apple (AAPL) makes them jump through to get their wares into the iOS App Store. But the company has its reasons -- besides its 30% cut of the revenue -- and one of them was illustrated by the warningissued Friday by the FBI's Internet Crime Complaint Center (IC3). "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices," it begins. "Some of the latest known versions of this type of malware are Loozfon and FinFisher." •Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number. •FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update. For owners of smartphones running on Google (GOOG) Android platform -- including those made by Samsung, Motorola and HTC -- the Bureau offer these safety tips: •When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device. •Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft. •With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application. •Review and understand the permissions you are giving when you download applications. •Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity. •Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware. •Be aware of applications that enable Geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries. |