First SMS Trojan for Android is in the wild
 

Original here - http://www.theregister.co.uk/2010/08...id_sms_trojan/

Can someone explain how is this possible if you're phone is not rooted ?

Is this possible for maemo ?

Re: First SMS Trojan for Android is in the wild
 

Well, the user can send a SMS and so can apps you install. Granted you grant it permission do that, of course.

Re: First SMS Trojan for Android is in the wild
 

Having used Android as my primary mobile OS in the past, I'd have to say in it's defence that it gives you the options to

a) reject any apps that aren't approved by the Android Market Place
b) gives you a list of functions that the app requests permissions to access
c) gives you a further warning right before installation if you opt out of option a

I wouldn't knock a point off of Android's tally because of this, but that's just my opinion.

Interesting stuff though!

Re: First SMS Trojan for Android is in the wild
 

There was an interesting talk of Collin Mulliner at a hacking conference in 2009:
Fuzzing your phone with SMS:
http://www.youtube.com/watch?v=QnHZhO7Ktfk
http://www.youtube.com/watch?v=lMNBIHW-B78
http://www.youtube.com/watch?v=L-rRNdIZPtM
http://www.youtube.com/watch?v=RG9MNswnpw0
or just:
http://ftp.uni-kl.de/CCC/26C3/mp4/26...your_phone.mp4

http://mulliner.org/security/sms/

Mulliner researched iPhone, Android and Windows Mobile - but not N900 :(

Personally, I think that the N900 has also bugs in the SMS application. Unfortunately, Nokia does not publish the source code.

Therefore we need some white hat binary hackers that create a fuzzing framework for the SMS applications.

I already contacted "Reggie" to create a new forum [Security] - but no reply until now :(.

Re: First SMS Trojan for Android is in the wild
 

imo, the two device setup of smart tablet (n8x0 style) and dumb phone makes sense.

sure hope some company embrace meego as a pmp base.