TapLogger is just a prof-of-concept trojan for Android, but the issues it exposes for the smartphone world and smartphone-tailored security practices couldn’t be more practical: the trojan uses data coming from motion sensors of a phone to infer security code numbers tapped by the user on the on-screen virtual keyboard.

Created as part of a research study by students and scientists of Pennsylvania State University in collaboration with IBM, TapLogger disguises itself as an icon-matching game where the users have to play 30 different rounds engaging in more than 400 “tap events”.

These first tap events, the study explains, are the trojan’s “training mode” that let it records enough sensor data to infer what virtual keys the user will be pressing afterward. The “trick” works because of the very slight changes to the smartphone acceleration and position while using a virtual keyboard: “By observing the gesture changes during a tap event – the researchers say – the attacker may roughly infer the tapped position on the touchscreen”.

Read the study HERE!

As Android smartphones and tablets grow in popularity, it's no surprise that the number of malware outbreaks is growing. Mobile antimalware apps can give your phone or tablet an extra layer of protection--but which ones do the job? Independent security testing lab AV-Test evaluated 41 virus scanners for Android, including those by mainstream security companies like Norton and Trend Micro. AV-Test used the Android emulator built into the Android SDK and ran each of the apps through a series of malware detection tests. To ensure that everything lined up, all the results from the emulator were tested on a real device.

Only 7 of the 41 virus scanners had detection rates above 90 percent, with over half of the remaining apps having detection rates under 40 percent. The top 7 apps were Avast Mobile Security, Dr. Web Anti-virus Light, F-Secure Mobile Security, IKARUS Mobile Security Lite, Lookout Mobile Security, Kaspersky Mobile Security Lite, and Zoner AntiVirus Free. Out of those 7, Kaspersky and F-Secure had the highest detection rates, followed by Avast.

Read the full report HERE!

Cybersecurity experts have uncovered a flaw in a component of the operating system of Google Inc's widely used Android smartphone that they say hackers can exploit to gain control of the devices.

Researchers at startup cybersecurity firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.

CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user's phone carrier. The message urges the recipient to click on a link, which if done infects the device.

Reuters has the news HERE!

Free is good. 

Android malware growth - Depending on where you go, you'll find varying stats on the amount of Android malware we've seen thus far. This is complicated by the fact that most of the information available about malware comes from security vendors, who obviously have a pony in the anti-malware race.

One thing they all agree on is that the amount of malware targeting Android has been growing. For instance, a report from Trend Micro (PDF) includes a chart that shows a large spike in the amount of total Android malware in 2011. Meanwhile, according to NQ Mobile , cases of malware increased from 4,781 cases in 2009 to 10,369 cases in 2010 and 22,600 cases in 2011. And according to Lookout, the likelihood of Americans encountering Android malware went from 1% in the beginning of 2011 to 4% by year's end. 

Read the rest of the article....