
Archive

Posts Tagged ‘Samsung’

16-30 June 2013 Cyber Attacks Timeline

It’s time for the second part of the June 2013 Cyber Attacks Timeline (first part here).

The last two weeks of June have been characterized by unusual cyber activity on the Korean Peninsula. In a dramatic escalation of events (coinciding with the 63rd anniversary of the start of the Korean War), both countries have attracted the unwelcome attention of hacktivists and (alleged) state-sponsored groups, and have been targeted by a massive wave of cyber attacks, with the South suffering the worst consequences (a huge number of records stolen by the attackers).

On the hacktivism front, the most remarkable events involved some actions in Brazil and Africa, and the trail of attacks in Turkey that had also characterized the first half of the month. The chronicles of the month also report an unsuccessful operation: the results of the so-called OpPetrol have been negligible (most of all in comparison to the huge expectations), with a few nuisance-level attacks.

On the cyber crime front, the most remarkable events involved the attacks against Blizzard, which forced the company to temporarily close mobile access to its auction service; a serious breach against a Samsung service in Kazakhstan; a targeted attack against the internal network of Opera Software (aimed at stealing code signing certificates); and several attacks against DNS registrars. The most serious of these was perpetrated against Network Solutions, affecting nearly 5000 domains, among them LinkedIn.

As usual, if you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


December 2011 Cyber Attacks Timeline (Part I)

December 21, 2011

As usual, here is my compilation of December Cyber Attacks.

It looks like the approach of Christmas is not stopping hackers, who targeted a growing number of organizations including several security firms (Kaspersky, Nod 32 and Bitdefender), even if on secondary domains and with “simple” defacements.

The cyber chronicles report Gemnet, another Certification Authority breached in Holland (the 12th security incident targeting CAs in 2011), and several massive data breaches targeting Finland (the fifth this year, affecting 16,000 users), online gambling (UB.com, affecting 3.5 million users), telcos (Telstra, affecting 70,000 users), and gaming, where, after the well-known attacks on Sony, Sega and Nintendo, Square Enix suffered a huge attack compromising 1,800,000 users (even if it looks like no personal data were affected).

Online payment services were also targeted by cyber crooks: a Visa East European processor has been hit by a security breach, and four Romanian home-made hackers have been arrested for a massive credit card fraud affecting 200 restaurants, for a total of 80,000 customers who had their data stolen.

As usual, hacktivism was one of the main trends for this first half of the month, which started with a resounding hack of a web server belonging to ACNUR (the United Nations Refugee Agency), leaking more than 200 credentials, including the one belonging to President Barack Obama.

But from a pure hacktivism perspective, the elections in Russia have been the main trigger, as they indirectly generated several cyber events: not only on election day, when three web sites (a watchdog and two independent news agencies) were taken down by DDoS attacks, but also in the days immediately following, when a botnet flooded Twitter with pro-Kremlin hashtags and an independent forum was taken down by a further DDoS attack. A trail of events which sets a very dangerous precedent.

Besides the ACNUR hack, Anonymous was also in the spotlight (a quite common occurrence this year) with some sparse attacks targeting several governments, in particular Brazil, as part of what is called #OpAmazonia.

Even if not confirmed, it looks like Anonymous Finland might somehow be related to the above-mentioned breach in Finland.

Other interesting events occurred in the first two weeks of December: the 0-day vulnerability affecting Adobe products, immediately exploited by hackers to carry out tailored phishing campaigns and, most of all, a targeted attack against a contractor, Lockheed Martin; and another occurrence of DNS cache poisoning targeting the Republic of Congo domains of Google, Microsoft, Samsung and others.

Last but not least, the controversial GPS spoofing, which allegedly allowed Iran to capture a U.S. drone, even if GPS spoofing on its own does not completely solve the mystery of the capture.

Other victims of the month include Norwich Airport, Coca Cola, and another law enforcement agency (clearusa.org), which is currently unavailable.

As usual after the page break you find all the references.


Breaking: First Known Detection of Carrier IQ in Italy

December 12, 2011

Update December 13: Carrier IQ issued an updated statement, new concerns for an endless saga…

I am proud to post here the first known detection in Italy of the infamous Carrier IQ software!

As you probably know, everything started on Nov. 28, on the other side of the Atlantic, when Trevor Eckhart, an Android developer, posted a video on YouTube showing the hidden software Carrier IQ interacting oddly with his mobile phone activity. Eckhart subsequently alleged his keystrokes and data were being collected without his permission.

Predictably, speculation and accusations began immediately concerning the kind of data collected by Carrier IQ and presumably transmitted to wireless mobile operators: as a matter of fact, subsequent investigations have shown that the Carrier IQ software is embedded on nearly every mobile phone and operator, at least in the U.S., where concerns over consumer privacy led Massachusetts congressman Rep. Edward Markey to ask the Federal Trade Commission to investigate the company.

But although many believed the software was logging keystrokes and collecting sensitive data, a subsequent, more reasonable analysis carried out by reversing the code has shown a different scenario: the software “only” collects anonymized metrics data, although there are hooks inside the code to events such as keystrokes, possibly suggesting the implementation of this kind of functionality in future versions. Essentially the analysis confirmed the content of a statement by the company which attempted to clarify how information was being collected:

We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

Nevertheless, the clarifications did not mitigate the fact that Carrier IQ is a potential risk to user privacy and that users are not given the choice to disable it. As a consequence, a number of class action lawsuits have been filed against the main handset manufacturers and carriers including, besides the obvious Carrier IQ, AT&T, Sprint Nextel, T-Mobile USA, HTC, Apple, Samsung, and Motorola Mobility.

Of course European regulators could not remain indifferent, and immediately started to investigate Carrier IQ. Germany’s Bavarian State Authority for Data Protection was the first to contact Apple, which publicly declared that it had included Carrier IQ in earlier versions of iOS, that support ceased with iOS 5, and that it would be completely removed from previous versions in future software updates. The German example was immediately followed not only by other regulators in the U.K., France, Ireland and Italy, but also by organizations like BEUC, the European Consumers’ Organisation, which defends users’ right to be told how their data is used.

I was wondering if Europe’s concerns were exaggerated (since so far the scandal seemed to be contained in the U.S.) until a friend of mine decided to test one of the available Carrier IQ detection tools on his Samsung Galaxy Tab, which was purchased from 3, an Italian Mobile Operator belonging to the H3G Giant.

The results are shown above: the tool detected the Carrier IQ software in an inactive state. The bad thing is that, although it was apparently inactive, my friend told me he was not able to remove the software by following the different procedures available on the web, even if he did not spend much time on its removal. So far I can only show the screenshot, but he told me he will give me his device for a deeper analysis (with caution, since it is his work device).

Thinking about this strange encounter, I admit I could not help but think of Samsung’s official statement concerning Carrier IQ (as reported by Engadget):

Some Samsung mobile phones do include Carrier IQ, but it’s very important to note that it’s up to the carrier to request that Samsung include that software on devices. One other important point is that Samsung does not receive any consumer user information from the phones that are equipped with Carrier IQ.

Since it is up to the carrier to request the software to be included on Samsung devices, I presume that 3 could have decided to install it on all the devices for the Italian market. I tested the tool on my HTC Desire and Sensation XE (both belonging to Telecom Italia Mobile) with no result.

Francesco Pizzetti, Italy’s Protection of Personal Data Guarantor, will have a lot to do… meanwhile he has opened an investigation into how Carrier IQ works and is checking Italian mobile phones to verify where the software is in use.

Mobile devices are more and more becoming inseparable companions for our personal and professional life, and deadly enemies for our privacy…

The Dangerous Liaisons (Updated)

August 22, 2011

Did you know that a smartphone might involve as many as 250,000 patent claims? You may easily understand why the $4.5 billion auction to buy 6,000 Nortel patents by the consortium formed by Apple, Microsoft, Research in Motion, Sony Ericsson and EMC was so fierce. You may also easily understand why Google, the loser of the Nortel auction, decided to react immediately by acquiring Motorola and its patent portfolio of more than 17,000 approved patents (and another 7,500 patents filed and pending approval) for the large sum of $12.5 billion.

Put in a few words, the mobile arena is getting more and more aggressive and cruel. For this reason, a little bit out of curiosity, a little bit for fun, I decided to draw a chart (and a table) showing all the moves of the giant players on this mobile chessboard. Although deliberately incomplete (I did not show in the table the patent saga of NTP Inc. against the rest of the world and the settlement of Motorola vs RIM), it gives a good idea of the dangerous intersections involving partnerships, fees, alliances and, most of all, lawsuits… With the strange paradox that some companies (read Apple and Samsung) are enemies before the court, but at the same time business partners.

While visualizing the idea I stumbled upon this similar graph showing the status of the mobile arena on 8 Oct 2010. I decided to use the same layout, omitting some information, but updating it to the current date. The graph is a little bit confusing, but the confusion of the arrows reflects the real situation better than a thousand words.

Anyway the war will not stop here: the next targets? Interdigital Inc., with its 8,800 patents, which are attracting several bidders such as Apple, Nokia and Qualcomm; and, most of all, Kodak, whose survival depends on the auction of 10% of its patent portfolio (1,100 patents), valued at as much as $3 billion, which is vital to compensate for losses estimated at $2.5 billion.

As far as the table is concerned, in order to avoid repetitions, it only shows the status of the lawsuits and alliances from the perspective of Google, Apple and Microsoft. Enjoy your read and the 250,000 patent claims on your smartphone!

Company | Filed Suit Against | Has technological alliance with | Filed Suit From
No one (at least so far!)

Of course Google licenses its mobile OS to HTC and Samsung (in rigorous alphabetical order), and it is the driver of the impressive market share growth of Samsung and HTC.

In an effort to defend Android’s intellectual property “to supercharge the Android ecosystem and will enhance competition in mobile computing”, on Aug 15 2011 Google announced its intention to acquire Motorola Mobility in a $12.5 billion deal. Motorola has nearly 17,000 patents.

Aug 12 2010: Oracle filed suit against Google for infringing on copyrights and patents related to Java. Oracle claimed Google “knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property”. Android uses a light proprietary Java Virtual Machine, Dalvik VM, which, according to Oracle, infringes one or more claims of each of United States Patents Nos. 6,125,447; 6,192,476; 5,966,702; 7,426,720; RE38,104; 6,910,205; and 6,061,520.

The case, in U.S. District Court, Northern District of California, is Oracle America, Inc v. Google Inc, 10-3561.

The lawsuit is still pending and will likely take several months. The trial between Oracle and Google is expected to begin by November and Oracle is seeking damages “in the billions of dollars” from Google.

On Aug 1 2011, the judge overseeing the lawsuit Oracle filed over the Android mobile OS denied Google’s attempt to get a potentially damaging e-mail redacted.

Mar 2 2010: Apple sued HTC for infringing on ten patents, nine of which involve technologies which apply to the iPhone, while one involves the use of gestures, but only in a specific use case.

The suit was filed in the U.S. District Court in Delaware, alleging twenty instances of patent infringement. The company also petitioned the US ITC to block the import of twelve phones designed and manufactured by HTC.

On Jul 15 2011 Apple won a preliminary patent ruling in an early judgment before the US ITC, in which HTC was found to have breached two of 10 patents held by Apple.

On Aug 8 2011 the ITC announced it had decided to review Apple’s patent infringement complaint against HTC.

Oct 31 2010: In response to Motorola’s lawsuit against Apple, Apple sued Motorola and Motorola Mobility for infringement of several Multi-Touch patents in the Wisconsin Western District Court with two distinct lawsuits. A total of six patents are involved in the two lawsuits.

On Nov 23, 2010, the US International Trade Commission announced it would review Apple’s patent case against Motorola.

Apr 18 2011: Apple filed suit against Samsung for copying the design of its iPad and iPhone with its smartphones and tablets.

Aug 10 2011: European customs officers have been ordered to seize shipments of Samsung’s Galaxy Tab computers after the ruling late on Tuesday by a German patents court.

In recent days Apple has been accused of presenting inaccurate evidence against Samsung.

Aug 24 2011: Samsung has been banned from selling some Galaxy phones in the Netherlands. The ban is set to begin on October 13, but Samsung doesn’t seem to be taking it too hard.

On Jul 1 2011 the intellectual property of the Canadian giant Nortel (in bankruptcy), involving 6,000 patents, was sold for $4.5 billion, in a dramatic auction, to a consortium formed by Apple, Microsoft, RIM, Sony, EMC and Ericsson. Google was the other competitor (and the big loser) for the deal. This event acted as a trigger for the acquisition of Motorola Mobility by Google.

On Aug 3 2011, in a post to the Official Google Blog, Google Senior Vice President and Chief Legal Officer David Drummond said that Apple, Microsoft, Oracle, and others have waged “a hostile, organized campaign against Android” by snapping up patents from Novell and Nortel and asking Google for high licensing fees for every Android device, accusing them of patent bullying.

Curiously, Apple is one of the main technological partners of Samsung for displays and semiconductors. Samsung produces Apple’s A4 systems-on-a-chip (SoC), and the two companies also collaborate on iPad displays (Apple is moving from LG to Samsung because of quality issues with the former). Nevertheless the lawsuits between the two companies are compromising their relationship, so much so that Apple is evaluating a new supplier (TSMC) for its A6 next-generation chipset.

Oct 22 2009: Nokia sued Apple in Delaware court for infringing on ten patents related to GSM, UMTS, and WLAN standards that Nokia states they established after investing more than EUR 40 billion in R&D over the last 20 years.

On Jun 14 2011 Apple agreed to pay between $300m and $600m to cover the 111m iPhones sold since its launch in 2007. Although the exact number was not specified, additional yearly fees could be part of the agreement.

In Jan 2010 Kodak sued Apple and RIM, claiming Apple is infringing its 2001 patent covering technology that enables a camera to preview low-resolution versions of a moving image while recording still images at higher resolutions. The cases were filed in U.S. District Court in Rochester, N.Y., as well as with the U.S. ITC.

In Apr 2010 Apple argued that some Kodak still and video camera products violate two of its patents.

In Jul 2011, while Kodak’s claim was pending, the commission ruled on Apple’s complaint and said Kodak’s digital-camera technology doesn’t violate Apple’s patents.

Oct 6 2010: Motorola sued Apple for patent infringement in three separate complaints: in district courts in Illinois and Florida, and in a separate complaint filed with the U.S. International Trade Commission. The suits covered 18 different patents, infringed by Apple’s iPhone, iPad, iPod touch, and certain Mac computers.

The Motorola patents include wireless communication technologies, such as WCDMA (3G), GPRS, 802.11 and antenna design, and key smartphone technologies including wireless e-mail, proximity sensing, software application management, location-based services and multi-device synchronization.

Jan 12 2011: Microsoft has motioned for a summary judgment to block Apple from trademarking the phrase “app store,” as it filed with the U.S. Patent and Trademark Office (USPTO) on July 17, 2008.

Mar 30 2011: Microsoft filed a second objection to Apple’s enduring pursuit to trademark the phrase “app store”, hiring a linguist, Dr. Ronald Butters, to go head-to-head against Apple’s own hired linguist, Robert A. Leonard.

On Jul 1 2011 the US ITC said Apple has violated two S3 Graphics Co. patents in its Mac OS X operating system, but not in the iOS platform. Although not directly related to mobile, this ruling is meaningful since S3 was acquired by HTC on Jul 6 2011 for $300 million in order to use its patents in the fight against Apple.

HTC expects final ruling on Apple-S3 graphics case in November.

On Aug 16 2011 HTC filed a new lawsuit against Apple in Delaware’s US District Court, in an escalation of the legal battle between the two smartphone giants. HTC accused Apple of infringing three of HTC’s patents through its sale of devices including iPads, iPods, iPhones and Macintosh computers.

Oct 1 2010: Microsoft sued Motorola for patent infringement relating to the company’s Android-based smartphones. Microsoft filed its complaint with the International Trade Commission and in a Washington state district court. At issue are nine patents that deal with, among others, sending and receiving e-mail, managing and syncing calendars and contacts, and managing a phone’s memory.

The patent dispute will begin on Aug 21 2011; the hearing procedure can take up to 10 days, and the judgment procedure is expected to reach a final verdict only in March 2012.

Nov 9 2010: Microsoft sued Motorola again for charging excessive royalties on network technology used in Microsoft’s Xbox game system.

Feb 11 2011: a deal with the Devil: Microsoft and Nokia announced their plans to form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem.

Besides the alliances with Apple and RIM (see the corresponding cell), on May 12 2011 Microsoft teamed up with HTC, Nokia and Sony Ericsson in Europe, filing a challenge seeking to invalidate Apple’s trademarks on the phrases “App Store” and “Appstore.”

Nov 11 2010: Motorola Mobility sued Microsoft in the U.S. District Courts for the Southern District of Florida and the Western District of Wisconsin, alleging infringement of sixteen patents by Microsoft’s PC and Server software, Windows mobile software and Xbox products.

Motorola Mobility asked for the infringing devices to be barred from importation into the United States.

On Dec 21 2010, the ITC agreed to hear the complaint.


What if Android Reassembles The Puzzle?

comScore has just published its press release on the February 2011 U.S. Mobile Subscriber Market Share. 69.5 million people in the U.S. owned smartphones during the three months ending in February 2011, up 13% from the preceding period. As we have become accustomed to over the past few months, Android is still on top, gaining 7 percentage points since November 2010 and achieving a 33% market share. RIM ranked second with a 28.9 percent market share, followed by Apple with 25.2 percent. Microsoft (7.7%) and Palm (2.8%) rounded out the top five.

Top Smartphone Platforms:
3 Month Avg. Ending Feb. 2011 vs. 3 Month Avg. Ending Nov. 2010
Total U.S. Smartphone Subscribers Ages 13+
Source: comScore MobiLens

Share (%) of Smartphone Subscribers

| Platform | Nov-10 | Feb-11 | Point Change |
|---|---|---|---|
| Total Smartphone Subscribers | 100.0% | 100.0% | N/A |
| Google | 26.0% | 33.0% | 7.0 |
| RIM | 33.5% | 28.9% | -4.6 |
| Apple | 25.0% | 25.2% | 0.2 |
| Microsoft | 9.0% | 7.7% | -1.3 |
| Palm | 3.9% | 2.8% | -1.1 |

Considering the market share on a per-vendor basis provides a different interpretation, and explains some strategic mobile choices of the Mountain View giant. Among the OEMs, Samsung ranked #1 with 24.8% of U.S. mobile subscribers, up 0.3 percentage points from the previous three-month period. LG ranked #2 with a 20.9 percent share, followed by Motorola (16.1%) and RIM (8.6 percent). Apple saw the strongest gain, up 0.9 percentage points to account for 7.5 percent of subscribers.

Top Mobile OEMs
3 Month Avg. Ending Feb. 2011 vs. 3 Month Avg. Ending Nov. 2010
Total U.S. Mobile Subscribers Ages 13+
Source: comScore MobiLens

Share (%) of Mobile Subscribers

| OEM | Nov-10 | Feb-11 | Point Change |
|---|---|---|---|
| Total Mobile Subscribers | 100.0% | 100.0% | N/A |
| Samsung | 24.5% | 24.8% | 0.3 |
| LG | 20.9% | 20.9% | 0.0 |
| Motorola | 17.0% | 16.1% | -0.9 |
| RIM | 8.8% | 8.6% | -0.2 |
| Apple | 6.6% | 7.5% | 0.9 |

I am not new to this kind of consideration (already addressed in a previous post in Italian), but it is clear that the Android landscape is becoming a little too fragmented, and this risks becoming a serious issue for Android, in terms of both consumer perception and security. As far as consumer perception is concerned: many vendors are pushing more and more customizations not only on their own Android ROMs, but even on the services provided to consumers (read vendor-dedicated markets and services). This is confusing for consumers, who will inevitably ask why they should consider, inside the same platform, different parameters of choice external to the mere features of the devices (and how they map to their needs). Not to mention the tragedy of software updates: a new major release of Android may take as long as one year to be ported to some devices, because of the extensive customizations made by manufacturers on their smartphones.

As far as security is concerned, customization affects platform (in)stability and, inevitably, security, given that the same code must be adapted to run on different architectures, and security bugs are always around the corner.

These factors are probably behind the rumors claiming that Google has been demanding that Android licensees abide by “non-fragmentation clauses” that give Google the final say on how they can tweak the Android code to make new interfaces and add services, and also behind the (unconfirmed) rumors of standardizing on the ARM chip for Android 3.0. If we add to these rumors the fact that Mountain View will not (at least initially) release the Honeycomb source code, it looks clear that Google is running for cover in order to stem the excessive number of fragments into which OEM vendors are breaking its precious Android.

Android is winning the market share battle against Apple and RIM, and forecasts for the next years show a bright future for Android, destined to achieve nearly half of the market in 2015. So far the Mountain View strategy has proven to be a winning one, but the only obstacle in this triumphant ride could be represented by fragmentation, which might drive consumers to the monolithic models of Cupertino and Waterloo.

Chronicles Of The Android

April 1, 2011

The title of this post recalls a science fiction novel, but it actually summarizes well a couple of news items concerning Android which surfaced in recent days. Even if they seem unrelated, I decided to put them in the same post: there is a logical link between the commercial success of a platform and the attention it attracts from malicious actors, and this seems to be the destiny of Android, for which the market share figures promise a bright future, one that becomes much less bright if one considers the information security consequences.

 

Part 1: Smartphone Market Share

This seems to be the right time for predictions as far as the smartphone market is concerned, which is why I really enjoyed comparing the projections of ABI Research (released today) with the ones released by IDC a couple of days ago. The results are summarized in the following tables. Even if they are targeted at different years in the near future (2016 for ABI Research and 2015 for IDC respectively), comparing the two reports is interesting for imagining what the future of smartphone operating systems will be.

ABI Research

| Operating System | 2010 | 2016 |
|---|---|---|
| Android | 23.00% | 45.00% |
| RIM | 16.00% | 14.00% |
| iOS | 15.00% | 19.00% |
| Symbian | 36.00% | - |
| Windows Phone 7/Windows Mobile | 0.60% | 7.50% |
| Others | 9.40% | 14.50% |

IDC

| Operating System | 2011 | 2015 |
|---|---|---|
| Android | 39.50% | 45.40% |
| RIM | 14.90% | 13.70% |
| iOS | 15.70% | 15.30% |
| Symbian | 20.90% | 0.20% |
| Windows Phone 7/Windows Mobile | 5.50% | 20.90% |
| Others | 3.50% | 4.60% |

Market intelligence providers often do not agree on anything, but in this case, if there is one thing that seems beyond doubt, it is the scepter of Android, which seems destined, in both reports, to rule the market with nearly one half of the total smartphones shipped after 2015. The data also confirm a stable position for RIM (around 13%-14%), while they do not completely agree as far as Apple is concerned, for which ABI Research estimates a market share of 19% in 2016 and IDC a market share of 15% in 2015. But where the data are surprisingly different is on the Windows Phone market share. According to ABI Research, Windows Phone will reach 7% of the market (which becomes 7.5 adding the market share of its predecessor Windows Mobile). Unfortunately, I do not think that, in Microsoft’s hopes, the number 7 which identifies the mobile operating system series was meant to refer to its market share in 2016. IDC is more optimistic and foresees a bright future for Redmond in the mobile arena, with its creature ranking immediately behind Android with 20% of the market. It will be very amusing to see (in 5 years, if we remember) who was right.

Last and (unfortunately) least, poor Symbian, sacrificial victim of the Nokia and Microsoft agreement, which in 5 years will remain little more than a romantic remembrance for mobile lovers, while, surprisingly, ABI Research foresees a 10% market share for Samsung Bada in 2016.

Part 2: Mobile Malware Market Share

Of course I am an infosec guy, so I wonder whether mobile malware will follow the same trend. This consideration arises from an interesting article I found on the Fortinet blog. Of course the data must be taken with caution, but I could not help noticing that when one switches from smartphone market share to mobile malware market share, the ranking positions are reversed: over 50% of mobile malware families detected by the security firm concern Symbian, approximately 15% are Java ME midlets, while Android accounts for only approximately 5% of the infections. Of course, as correctly stated in the article, this does not mean that Symbian is the least secure. In my opinion the bigger percentage of mobile malware is a simple consequence of the fact that Symbian is still the most widespread operating system. Of course malware writers devote more attention to those platforms which offer the wider attack surface (that is, the wider possibility to spread infections), and at this moment Symbian is an attractive prey from this point of view. My sixth sense (and a half, as we say in Italy) says that it will not take long for Android to also achieve the unenviable first position in the mobile malware market share, not only because it is spreading at an incredible speed, but also because it is becoming an enterprise platform (so the value of the data stored is much more attractive for cyber crooks).

As if on purpose, today Symantec discovered yet another malware for Android (Android.Walkinwat), which, at least this time, tries to discipline users who download files illegally from unauthorized sites. Like some of its noble malware predecessors (Geinimi, HongTouTou, Android.Pjapps), the malware is hidden inside a non-existent version of a real application (in this case Walk and Text) and downloaded from parallel markets in Asia and the United States, but instead of stealing private data, it simply floods the user’s contacts with SMS messages:

Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. I am stupid and cheap, it costed only 1 buck. Don’t steal like I did.

At the end, after sending the SMS (affecting the user’s phone bill), it warns the user with the following message.

Unfortunately, downloading malware from Asian parallel markets is not new, and it is not a coincidence that the same report from Fortinet indicates that most mobile malware families are implemented by Russian or Chinese coders. This is undoubtedly an increasing trend, and I am afraid that Chinese coders will soon shift their cyber espionage operations to mobile devices…

Marriage With the Dead Man

February 6, 2011

It seems that the rumors of a possible marriage between Microsoft and Nokia are destined to be confirmed within a very few days, perhaps as early as February 11. The marriage’s main dowry should be Windows Phone 7, which could go on to equip Nokia’s handsets; in that case Nokia would see its image change drastically: from producer of a complete platform (hardware plus software) to a simple handset maker, on a par with other giants such as LG, HTC, (partially) Samsung, etc.

All the ingredients are there: first, since September 2010 at the helm (it would be better to say at the sled) of the Finnish giant there has been a Microsoft enfant prodige, Stephen Elop, who for the first time ousted a Finn from the company’s top step; second, it is by now well known that Symbian and MeeGo (respectively the mobile operating systems for the mid-to-low and high ends of the market), albeit on different levels, are struggling because of technological obsolescence (Symbian) and because of the difficulty of establishing themselves in a market where the Android, the Apple and the Raspberry now rule (with a consequent continuous drop in profits).

But if Espoo weeps, Redmond does not laugh: on the other side of the Ocean the situation is not very different. Although the latest addition to the Windows family is a respectable product, it is nonetheless struggling to spread because of its late launch and some shortcomings of youth (and of time-to-market) that are hard to forgive.

This explains the strategy, applicable to both spouses in this marriage of convenience, of resting the synergy on an already existing ecosystem of handsets and services.

In all likelihood the marriage will bring the Finns Windows Phone 7 as a dowry, and the Americans the chance to exploit the reach (and the brand value) of the world’s leading handset maker by number of units in circulation. All roses, then? Not at all: at least one illustrious victim will have to be left on the plate of the laws of the market. Three operating systems are too many for Nokia, so either the historic Symbian will have to resign itself to a sad early retirement, or MeeGo will never see maturity, cutting short its unfinished career in the middle of a difficult adolescence.

Of course the thought makes me turn up my nose, but by now I have abandoned Symbian without too many regrets, other than romantic nostalgia for an operating system that has accompanied my professional growth for almost 10 years now. If instead I look at the matter from a broader perspective, two considerations arise spontaneously: one strictly tied to the mobile world and one, more general, concerning managerial culture:

  1. As for the mobile world, I have the feeling that, directly or indirectly, Intel will also enter this marriage: it is true that the Santa Clara giant turned up its nose (with ill-concealed haughtiness) at the fact that Microsoft dangerously winked at ARM, but it is equally true that Intel is developing MeeGo jointly with Nokia and is at the same time investing (also) in mobile security technologies with the acquisition of McAfee. I therefore find a go-it-alone mobile strategy unlikely in a market that now seems to leave little room for outsiders, even those with Santa Clara’s firepower;
  2. More generally, Stephen Elop’s move appears very risky, but it reaffirms a concept: in a global and aggressive market the manager breaks the rules and the balances. It is no coincidence that Elop himself is, in these very days, starting a “harvesting” operation (of heads) among the Nokia bigwigs responsible for the company’s excessive inertia. In a superficially banal way, I could not help comparing the boldness (and, I hope, the vision) of the Nokia CEO with what is happening these days at the first (and almost only) national car factory, which is also in the middle of a marriage of convenience with a partner from across the Ocean that is upsetting the plans of a traditional economy.

Another giant on the warpath in the very crowded mobile market. We will see whether the marriage distorts Nokia’s image or whether Elop’s risky bet bears fruit, restoring the polish (and the market share) of a noble company that appears headed down the road to decline.
