Image of the Day: Fake Angry Birds Android App

Security researcher Jon Oberheide wrote a fake extension to the popular Angry Birds mobile game and put it in the Android Market as a demonstration of how an attacker could exploit a vulnerability he’d found in Android. The phony app didn’t do anything malicious, but it had permissions on Android handsets that enabled it to send toll SMS messages, steal contacts and take other actions, without the user’s knowledge.

Fake Angry BirdsSecurity researcher Jon Oberheide wrote a fake extension to the popular Angry Birds mobile game and put it in the Android Market as a demonstration of how an attacker could exploit a vulnerability he’d found in Android. The phony app didn’t do anything malicious, but it had permissions on Android handsets that enabled it to send toll SMS messages, steal contacts and take other actions, without the user’s knowledge.

Angry Birds

Suggested articles

Discussion

  • Anonymous on

    Thanks threadpost for being on top of this vulnerability now for a while.

    Here is my story on trying to get a patch for my HTC Aria Android 2.1 phone on AT&T.

    First I sent an e-mail to at&t requesting some information on what the plan is to release a patch for this. The reply asked me to call 611 and ask for technical support.

    Lauren from tech support then told me she had never heard of this issue and that AT&T is not responsible for the OS on the phone, it's the responsibility of the device maker HTC. She was nice enough to get me the HTC customer support number.

    So next I called HTC and asked the same questions. Their claim is that they have no control over Android. So I said, but this is fixed in 2.2, so when will you release 2.2 for the Aria?

    Well, supposedly it's not their call, they are just contract manufacturing for AT&T and it's up to AT&T to request a new version of the OS.

    And now the kicker. 'If we were ever to release a version of Froyo for the Aria it would be a very minimal version, since the hardware is not powerfull enough.' This from HTC tech support.

    In any case, I'm really disappointed in them passing the buck back and forth and will from now on select carriers and phone makers that are more up to date on getting patches out.

    BTW. I'm not even asking for an update to Froyo, that's a different story. I want a patch for the public vulnerability on a phone that is barley 3 month old.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.