Google Android App Attack: Tracking Clues
Computer security researchers trying to crack the recent major software attack on Google’s Android Market for wireless applications are examining digital fingerprints to try to figure out how and why the attack was perpetrated.
Google has said 58 malicious apps were uploaded to Android Market and then downloaded to around 260,000 devices before Google removed the affected apps last Tuesday evening. It isn’t clear how many users activated the applications, a Google spokesman said. But users who did activate the apps, which included Super Guitar Solo, Advanced Barcode Scanner, Bubble Shoot and many others, ran the risk of having their personal data stolen from their phone and sent to a remote computer server.
One potential clue lies in the server used to help carry out the attack. John Hering, CEO of mobile security provider Lookout, said that as part of his company’s investigation of the incident it found that the attack’s “command and control” server, which received the stolen data from the smartphones, traced back to Hurricane Electric, an Internet service provider based in Fremont, Calif. Mr. Hering said his company contacted Hurricane Electric on the morning of March 2 soon after it discovered the server’s role in the attack, and asked the company to shut it down.