“Malware embedded into legitimate-looking games designed for Windows Mobile has appeared, automatically dialing up foreign telephone services to rig up hundreds of dollars in illicit charges for users behind their backs,” Prince McLean reports for AppleInsider.
“The discovery, reported by John Hering of the Lookout security firm, was covered in a report by Reuters, which inaccurately described the malware a ‘virus’ and misleadingly referred to the exploit as being orchestrated by ‘hackers,'” McLean reports. “In reality, the malware was simply the product of malicious mobile software developers who misrepresented their work as safe, and distributed it through ‘sites that provide legitimate software for mobile devices.'”
“The fraudulent mobile software for Microsoft’s smartphone platform punctuates the warnings Apple has been sounding about security-free software distribution, and underlines why the company has maintained a strict policy that forces iPhone mobile developers to get their work approved by and cryptographically signed for distribution by Apple itself,” McLean reports. “Critics have chafed at Apple’s secure software signing model and have praised Google’s alternative Android model, which enables users to download software from any source, without any security model in place, at their own risk.”
McLean reports, “The appearance of malware on Windows Mobile is particularly interesting because the motivation of this assault was entirely financial. That being the case, the fact that the malicious developers targeted Windows Mobile, which is almost entirely limited to the US and now trails Symbian (42%), RIM (21%), and Apple’s iPhone OS (15%) in market share (9% over the last year), throws decades of Windows-based punditry on its head because ‘malicious hackers’ supposedly only target the largest platform.”
Read more in the full article here.
MacDailyNews Take: Security via obscurity disproven yet again. For further reading, please see: Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 04, 2010
Wow! Just, Wow!
Good job, Microsoft.
Insecurity via obscurity. Niiiicccccce.
Anyone who buys a Windows phone probably has a Windows PC so they are used to malware. They deserve each other.
Another nail in the coffin of the “security by obscurity” myth, as Windows Mobile certainly qualifies as “obscure” by now. Yet more proof that malicious coders will target weaknesses they can exploit, regardless of the marketshare it has. (Further proven by the fact that malware exists for only jailbroken iPhones, which comprise a very small minority compared to regular iPhone users.)
Remember, Apple had this same problem with apps they approved. It started sending info on the device and it’s whereabouts and ultimately disclosed the presence if the iPad before it was launched. Steve Jobs ranted about this at D8.
We shouldn’t be too sanctimonious or risk being hypocrites.
What does death, taxes, and a M$ OS virus/malware problem have in common?
Inevitability
@ MadMac – You’re trying to equate data privacy breaches with malware infections? Seriously?? Sure, both are serious, but it’s extremely disingenuous to pretend there isn’t a huge difference between them.
@Gabriel… I believe it’s called tortured logic.
So finally the truth comes out. The least amount of users of a product doesn’t guarantee that it is safe. Yet
most PC experts have always claimed that Macs were virus free because of there smaller user base.
Well so much for that as being fact.
OSX is safer because it just is, ask Google.
I’d be more shocked if the sun rose in the east tomorrow.
It’s those fifth columnists, I tell ya! Fifth Columnists!
Microsoft TAX at its best. Probably why MS and their cronies have shut the F up with that “Apple Tax” Campaign. ahahahahahahaha
Hope those idiots over at CNET are reading this. It just proves that hackers pick on an OS because it’s easy to hack. They don’t bother with MacOS because it’s difficult to hack. That simple. Learn to live with it instead of creating this security by obscurity nonsense. Windows: Our security is your pane (pain).
Exactly the reason that iPad & iPod apps have to be fully tested and intensely scrutinised before going on sale.
Buy Apple & Stay Safe.
Someone tell the Financial Times.
Oh- not to worry. Symantec, TrendMicro, AVG and all the rest will come to the “rescue”. They’ll have an anti-thisNthat for WinMobile soon enough… problem solved.
<<Comment from: MadMac
Remember, Apple had this same problem with apps they approved. It started sending info on the device and it’s whereabouts and ultimately disclosed the presence if the iPad before it was launched. Steve Jobs ranted about this at D8.
We shouldn’t be too sanctimonious or risk being hypocrites.>>
At least get your logic straight. This WASN’T the “same problem”. The key difference is that Apple can always track down the offending app to its source, since it’s signed. They’ve already talked to Flurry Analytics to solve the problem.
Unfortunately, just like the infamous “Megahertz Myth”, the “Security by Obscurity Myth” isn’t going away anytime soon. There will always be the uninformed to unknowingly help the FUDsters perpetuate it.
Now on the other hand, that myth about the size of a guy’s pancreas corresponding to the size of his……..
Ballmer was heard screaming, “Where are I my fucking Twinkies?”
But… But… But… No one writes malware for unpopular computers!! Only the most popular OS ever gets targeted! How can this be?
DENIAL!!!!
Jun 05, 10 – 03:03 pmComment from: MadMac
DENIAL!!!!
IDIOT…. :- ~
It’s security via Microsoft’s incompetence at security. Windows (of any type) gets targeted by these criminal hackers, because it is the easiest target. Mac OS X or iPhone OS is the less likely target because doing so is much more difficult and much less likely to be rewarding (for the hacker).
So it is absolutely true that Windows is targeted more often. But “obscurity” has nothing to do with the reason, as proven by this example. For hackers, Microsoft (not Apple) is the low-hanging fruit, even when it’s market share is 9%.
@ happymac,
Thank you for making my point!
And it’s possible this was just a test…exploiting a flaw in Windows Mobile to see if the same flaw existed & could be exploited in Android. The designers may have hoped the attack would fly under the radar since the installed base was relatively low.