Dhowr maalmood ka hor, waxaan joogay shir amniga oo la yiraahdo ESET Security Days . Waxaa jiray kulamo aad u xiiso badan waxaanan la kulmay dad aad u badan oo caqli badan oo ka shaqeeya amniga macluumaadka. Mid ka mid ah iyaga waa Nick FitzGerald , Cilmi-baarista Sare^{(Senior Research Fellow)} ee ESET . Wuxuu ilaaliyaa amniga nidaamka deegaanka ee Android waxaana nasiib u yeelanay inuu marti ku noqdo wareysi ku saabsan malware iyo amniga aaladaha Android . Waxyaabo badan oo xiiso leh ayuu ii sheegay, waana inaad akhridaa waraysigan:

Waa kuma Nick FitzGerald?

Kahor intaanan u galin wareysiga, waxaan jeclaan lahaa inaan ka hadlo waxoogaa ku saabsan Nick FitzGerald . Waa qof si gaar ah u gaar ah oo ay adag tahay inaad internetka ka hesho wax macluumaad ah oo isaga ku saabsan. Maanta waxa uu ilaalinayaa amniga macluumaadka ee ESET Australia , isaga oo inta badan diiradda saaraya nidaamka deegaanka ee Android . Nick waa mid ka mid ah dadka aasaasay habka loogu talagalay shahaadada VB100 oo ku sameeyay imtixaanadii ugu horreeyay ee VB100 ee Virus Bulletin . Waxa weheliya shaqadiisa ESET^{(job at ESET)} , wuxuu wali la shaqeeyaa Virus Bulletin isagoo xubin ka ah guddiga la-talinta.

Markii aan la kulmay, waxaan aad ugu riyaaqay saaxiibtinimo iyo furfurnaantiisa. Waxa uu la wadaagay xog badan oo xiiso leh intii uu shirku socday, markii aan xoogaa la cashaynayey, waxa aan aad ugu riyaaqay sheekadiisa iyo kaftankiisa. Farxad ayey ii ahayd la kulankaas, aad baan ugu faraxsanahay in uu aqbalay in uu marti ku noqdo waraysigan.

Waa maxay nooca malware-ka ugu badan ee maanta lagu beegsado isticmaalayaasha Android ?

Xogta telemetry ee ogaanshaha waxaan ka soo celinaynaa kuwa ku jira saldhigayada rakiban ee suurtageliyay ikhtiyaarka wadaaga telemetry, saamiga ugu badan ee ogaanshaha waa fasalka guud ee waxyaabaha aan ugu yeerno Codsiyada Aan La rabin^{(Potentially Unwanted Applications)} (ama PUA ). Dhammaan macaamiisheena ma doortaan in PUA-yada^(PUAs) la ogaado - waa ikhtiyaari-waqti-rakiba mana jirto meel aan toos ahayn; macaamiishu waa inay samaystaan ​​dookhooda. PUAs caadi ahaan waa abka isticmaala farsamooyinka hadhka leh si ay u gaadhaan natiijooyin, in kasta oo aan si xad dhaaf ah xaasidnimo ahayn (kuwaas oo si toos ah u xannibi kara badeecadeena iyada oo aan macaamiil haysan wax doorasho ah), waayo-aragnimadu waxay ina tusinaysaa macaamiil badan oo aan jeclayn inay ku shaqeeyaan qalabkooda.

Ka dib PUAs , iyo in la eego ogaanshaha dhabta ah ee malware, noocyada ugu badan ee malware-ka Android ee aan ku aragnay xannibaadyada qalabka macaamiisha sanadkan waa "Dhibaatooyinka". Kuwaani caadi ahaan waa xidhmo sharci ah (inkasta oo inta badan aan sax ahayn) abka iyo shay xaasidnimo ah. Caadi ahaan qaybta xaasidnimada ah lama rakibo ama lama daayo ilaa wakhti ka dib rakibidda abka hore. Kani waa horumar dhawaanahan ku soo kordhay garoonka Android malware-ka laakiin waxa uu si degdeg ah caan ugu noqday qorayaasha malware-ka. Apps-ka ay ku rakiban yihiin kuwa riddada ah waxay noqon karaan wax kasta, laakiin waxay u muuqataa xilligan in barnaamijyada xayeysiinta ee PUA ay yihiin kuwa ugu badan ee la bixiyo.^(PUA)

Waa maxay waxa ugu xun ee ku dhici kara isticmaalayaasha Android haddii qalabkoodu uu ku dhaco malware?

Ma ka warqabo in tani ay dhaceyso, laakiin aragti ahaan aaladda waxaa laga yaabaa in "lagu dhejiyo", si ula kac ah ama aan ula kac ahayn. Haddii ay taasi ka fiican tahay ama ay ka xun tahay, dheh, in la xado sirahaaga ugu dhow (iyo sawirrada) oo laga yaabo in lagu dhejiyo shabakadda ama haddii kale loo isticmaalo isku day lagugu ceebayn karo ama lagugu madax furtay, waxay ku xidhan tahay qofka aad tahay iyo waxa aad hayso. , ama waxaad ka heli kartaa, casrigaaga casriga ah.

Raadinta malware -ka dhabta ah ee Android , qoyska ^(Android)LockerPin , kaas oo dejin kara shaashadda qufulka ee PIN oo aan la garanayn dembiilayaasha ayaa aad u xun, maadaama shuruudaha u oggolaan kara ka soo kabashada culeyska qalabka-qufulka aan waligood laga helin wax caadi ah. qalab.

Aragtidaada, waa kuwee daciifnimada ugu weyn ee nidaamka deegaanka Android uu leeyahay xagga amniga?

Marka la barbar dhigo tartameheeda ugu weyn ee goobta mobaylada, iOS, Android waa xoogaa furan, taasoo u oggolaanaysa horumariyeyaasha iyo isticmaalayaasha dabacsanaan weyn. Taasi waxay u horseedi kartaa faa'iidooyin isticmaalaha laakiin sidoo kale waxay la macno tahay in waxqabadka xaasidnimada ah si fudud loogu jiheeyo isticmaalayaasha Android . Waxaa jiray, tusaale ahaan, apps ka badan oo xaasidnimo badan ayaa galay dukaanka rasmiga ah ee Google -ka marka loo eego ^(Google)Apple 's. Dheeraad ah^(Further) , Google guud ahaan aad ayuu uga shakisan yahay qiimaha suurtagalka ah ee alaabta amniga ee qalabka Android , sidaas darteed ma bixiso awoodo horumarsan si ay si fiican u taageeraan alaabtaas. Tani waa daciifnimo weyn oo qaab dhismeedka Android ah^(Android)nidaamka hawlgalka.

Marka la eego aaladda Android iyo sida loo dhisay, kuwaas oo ah waxyaabaha ugu sarreeya ee alaabada amniga Android aysan u qaban karin isticmaaleyaasha marka loo eego ilaalinta?

La'aanta xirmooyinka nidaamka ama API-yada^(APIs) amniga rasmiga ah waxay la macno tahay in iskaanka gelitaanka saxda ah aan la samayn karin. Hadda, iskaanka fayrasku waxa uu ku kooban yahay hubinta abka marka xidhmada rakibaheedu lagu soo dejiyo qalabka iyo mar labaad marka abka la rakibo. Google waxa uu u oggolaan karaa abka ammaanka la xaqiijiyay inay ku rakibaan mudnaan sare laakiin uu doortay inaanu samayn, sidaa darteed si ka duwan nidaamyada kale ee hawlgalka, sida Windows tusaale ahaan, abkaaga ammaanka Android waa abka kale oo ku shaqeeya isla heerka mudnaanta mid kasta oo kale. Si la mid ah waxa quseeya ayaa ah in mudnaanta maamulaha Aaladda^{(Device Administrator)} la dhimay rabitaanka adeegsadaha. Waan joojin karnaa iyaga, laakiin waxay u badan tahay inay si sahal ah noogu baabi'iyaan.

Sidee badeecada amniga ee Android , sida ESET Mobile Security & Antivirus u ilaalisaa isticmaalkeeda?

Alaabtayada amniga Android waxay^{(Android security products)} bixiyaan dhawr nooc oo ilaalin ah. Waxaa jira kood xaasidnimo ah iyo (ikhtiyaar ahaan) daryeelka ogaanshaha PUA ee shaqeynta ka-hortagga, xannibaadda mareegaha xaasidnimada leh iyadoo la adeegsanayo ^(PUA)ESET Live Grid® , goobta aaladda iyo shaqeynta ka hortagga tuugada iyo nidaamka ogaanshaha.

Xusuusta tifaftiraha: ^{(Editor's note:)} PUA waxay la macno tahay ^(PUA)Codsi^{(Application)} Aan La rabin . Baahinta guud ee PUA^{(Generic PUA)} waxay ku siinaysaa ogaanshaha waqtiga ee codsiyada cusub iyo kuwa la cusboonaysiiyay ee suurtogalka ah ee aan la rabin^{(Potentially Unwanted Applications)} .

Waa kuwee talooyinka ugu sarreeya ee aad u soo jeedisay isticmaalayaasha Android , marka laga reebo ku isticmaalka alaabta amniga ee qalabkooda?

Ku dheji Play Store -ka rasmiga ah (nooca noocaas ah waa talooyinka gobollada qaar ee adduunka!) Oo aad uga taxaddar siinta mudnaanta maamulaha Aaladda^{(Device Administrator)} wax kasta oo aan ahayn ammaan daacad ah ama barnaamijka maamulka nidaamka.

Maxaad u malaynaysaa malware-ka, amniga iyo qarsoodiga Android ?

Hadda oo aad akhriday aragtida Nick , waxaan jeclaan lahaa inaad la wadaagto kaaga. Ma u malaynaysaa inaad u baahan tahay alaabta amniga ee Android ? Mid ma^(Are) ku isticmaaleysaa taleefannada casriga ah iyo tablet-yada? Ma^(Did) la macaamishay malware-ka Android iyo maxaa dhacay ed?

"Stick to the Google Play store!" says renowned information security expert at ESET

A cоuple of days ago, I was at a security conference called ESET Security Days. There were quite a few intereѕting sessions and І've met quite a lot of smart people who work in informatiоn security. One of them is Nick FitzGerald, Senior Research Fellow at EЅET. He takes care of security in the Android ecosystem and we were lucky to have him as a guest in an interview about mаlware and ѕecurity on Android devices. He h ad many interеsting things to say and you should read this interview:

Who is Nick FitzGerald?

Before we go into the interview, I would like to talk a bit about Nick FitzGerald. He is a very private person and you can hardly find any information about him on the internet. Today he is taking care of information security at ESET Australia, focusing mostly on the Android ecosystem. Nick is one of the people who established the methodology for VB100 certification and ran the first VB100 tests at Virus Bulletin. Alongside his job at ESET , he still works with Virus Bulletin as a member of its advisory board.

When I met him, I very much enjoyed his friendliness and openness. He shared lots of interesting information during the conference and, while dining with him for a bit, I very much enjoyed our conversations and his sense of humor. It was a pleasure meeting him and I am very happy that he accepted to be a guest in this interview.

What is the most common type of malware that targets Android users today?

From the detection telemetry data we get back from those in our installed base who have enabled the telemetry sharing option, the greatest proportion of detections is the general class of things we call Potentially Unwanted Applications (or PUA). Not all of our customers choose to have PUAs detected – it is an install-time option and there is no default setting; the customer must make their own choice. PUAs are typically apps that use shady techniques to achieve results that, while not overtly malicious (which would be outright blocked by our product without the customer having any choice), experience shows us many customers do not wish to have run on their devices.

After PUAs, and looking at real malware detections, the most common types of Android malware we have seen blocked on customer devices this year are "droppers". These are typically a bundle of a legitimate (although usually quite inane) app and something malicious. Commonly the malicious component is not installed or enabled until sometime after the initial app installation. This is a relatively recent development in the Android malware arena but has rapidly become quite popular with malware writers. The apps installed by such droppers can be anything, but it seems at the moment that PUA advertising apps are the most common payloads.

What is the nastiest thing that can happen to Android users if their devices get infected with malware?

I'm not aware of this happening, but in theory the device could be "bricked", either deliberately or unintentionally. Whether that is better or worse than, say, having all your most intimate secrets (and photographs) stolen and possibly posted to the web or otherwise used in an attempt to embarrass or ransom you, may depend on who you are and what you keep on, or can access from, your smartphone.

Looking at actual Android malware, the LockerPin family, which can set a random PIN lock screen that is not known to the perpetrators is very nasty, as the conditions that could allow recovery from this device-locking payload will almost never be found on a typical device.

In your view, which are the major weaknesses the Android ecosystem has in terms of security?

Compared to its main competitor in the mobile arena, iOS, Android is somewhat more open, allowing developers and users greater flexibility. That may result in benefits to the user but it also means that malicious activity is more easily directed to Android users. There have, for example, been many more overtly malicious apps get into Google's official app store than into Apple's. Further, Google is generally quite skeptical about the possible value of security products for the Android platform, so does not provide advanced capabilities to better support such products. This is a major architectural weakness in the Android operating system.

When looking at the Android platform and how it is built, which are the top things an Android security product can't do for users in terms of protection?

The lack of system hooks or official security APIs means that proper on-access scanning cannot be performed. For now, a virus scanner is limited to checking an app when its installer package is downloaded to the device and again when the app is installed. Google could allow verified security apps to install with higher privileges but has chosen not to, so unlike on other operating systems, like Windows for example, your Android security app is just another app running at the same privilege level as any other. Equally concerning is that the Device Administrator privilege is doled out at the user's behest. We can disable them, but they are quite likely to just as easily disable us.

How does a security product for Android, like ESET Mobile Security & Antivirus protect its users?

Our Android security products offer several forms of protection. There is malicious code and (optionally) PUA detection care of the antivirus functionality, malicious website blocking utilizing the ESET Live Grid®, device location and anti-theft functionality and system diagnostics.

Editor's note: PUA means Potentially Unwanted Application. Generic PUA detections provide you with timely detection of new and updated Potentially Unwanted Applications.

Which are your top security recommendations for Android users, other than using a security product on their devices?

Stick with the official Play Store (that kind of sucks as advice for certain regions of the world!) and be very careful about granting the Device Administrator privilege to anything but a bona fide security or system administration app.

What do you think about malware, security and privacy on Android?

Now that you have read Nick's perspective, I would like you to share yours. Do you think that you need security products for Android? Are you using one on your smartphones and tablets? Did you deal with malware for Android and what happen ed?

Related posts

• Sida loo rakibo APK Android la'aan Google Play Store

• Ku saabsan InPrivate iyo qarsoodi. Waa maxay daalacashada gaarka ah? Waa kuwee browserka ugu fiican?

• 4 apps oo kaa caawinaya inaad ogaatid caafimaadka qalabkaaga Android

• Dib u eeg ESET Xakamaynta Waalidka: Ka ilaalinta carruurtaada Android!

• Dib u eeg Ammaanka Mobilka ee ESET: Ilaalinta ugu wanaagsan ee aaladaha Android

• Kahor intaadan rakibin Windows 10 S, tixgeli arrimahan muhiimka ah

• Windows 11 waa nuugtaa: 7 sababood oo aadan u jecleyn

• Sida loogu xidho talefankayga Android kayga Windows 10 PC

• Isticmaal koodka PUK si aad u furto SIM kaarkaaga Android

• Sida loo isticmaalo Windows 10's Timeline-ka Google Chrome

• Waa maxay Windows 10 Cusboonaysiinta abuurayaasha iyo maxaad u rakibi kartaa?

• Sida loo qariyo waxa ku jira ogeysiisyada Android -

• Microsoft Authenticator on Android: Gal akoon MS -

• Falanqaynta: Rakibaadda abka desktop-ka ee degdega ah waxay burburisaa waxqabadka kombayutarka!

• Sida loo beddelo qaabka shaashadda Android - PNG loona beddelo JPG iyo gadaal

• 8 sababood oo ay Cyberghost VPN u tahay mid ka mid ah VPN-yada ugu fiican suuqa

• Sida loo beddelo ama looga saaro SIM-ka PIN-ka ee Android-ka

• Sida loo qariyo ogeysiisyada shaashadda qufulka ee Android -

• Abaalmarinnada - Alaabta antivirus ugu fiican sanadka 2017

• Sida loo habeeyo menu-ka dejinta degdega ah ee Android