After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available.
Shantanu Gawde, 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi.
Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device’s hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose.
Basically, there are two types of Firefox OS apps: packaged and hosted. Packed apps are essentially a zip file containing all of of an apps assets: HTML, CSS, JavaScript, images, manifest, etc.
Hosted apps are just a website is the application, means you can host the app on a publicly accessible Web server, just like any other website.
His PoC will demonstrate his malware application, created using just HTML, CSS, and JavaScript, but capable to perform many malicious tasks remotely on the device i.e. Accessing SD Card Data, Stealing Contacts, downloading-uploading Files on device, Tracking Geological location of the user etc.
"The purpose of the PoC is of course to motivate developers to ensure better security on their platforms rather than providing inspiration to those with malicious intents." he told 'The Hacker News'.
The rapid growth and evolution of mobile malware is swiftly becoming a highly profitable business for cybercriminals. According to the third annual Mobile Threats Report from Juniper Networks, mobile malware threats have grown a huge 614% in the period March 2012 to March 2013.
With mobile malware on the rise and attackers becoming increasingly clever and they are also targeting every possible new platform. Make sure you will be at Ground Zero this year to see live threat to one of the prominent upcoming mobile operating systems.
No comments:
Post a Comment