[KarlosSpicyWienr]

http://thenextweb.com/insider/2012/1...berry-devices/

Kinda makes you wonder if mobile payments are a good thing. Also, anyone have any idea why iPhones were not infected?

[raino]

So basically they pushed out bogus .APKs and .JADs (the PDF shows this.) What i diot gets an unsolicited message asking him to install an app, goes "durrr ok!" and installs it on the same phone he uses for mobile BANKING?

[mikeo007]

Botnet Steals $47M from 30K European Bank Accounts

Kinda makes you wonder if mobile payments are a good thing. Also, anyone have any idea why iPhones were not infected?

Because of the App store walled garden. Non-jailbroken devices can't install random ipa files.

[W Hoa]

Couldn't do it without your help.

clicklink.jpg

[howarmat]

Again this proves no device is safe when it comes to an incompetent user.

[notfanboy]

Hopefully these idiots get cleaned out. This is just natural selection at work. Survival of the fittest.

[lengend]

Serves them right. Only idiots will install an application that don't even know what it is and it is sent by a random SMS.

[bk1022]

Yeah, seniors with mobile phones are the problem... Are we going to blame rape victims here too now?

[Sith_Apprentice]

Again this proves no device is safe when it comes to an incompetent user.

That is why we BES Admins love our control. I can stupid proof your phone applications (liquid damage and physical damage still occur though)

[Sith_Apprentice]

Because of the App store walled garden. Non-jailbroken devices can't install random ipa files.

This is not entirely correct. There is an app that will take files and sign/install them on a device with a dev certificate. It can take even legitimate files and do this. They are working on remote execution of this, and the app can easily be installed on a device that is not jailbroken. Only stumbling block at this point is that the app requires the equivalent of a dev token on the device to be initially installed. The walled garden is very good in most cases, but even that has its flaws.

[Sith_Apprentice]

Yeah, seniors with mobile phones are the problem... Are we going to blame rape victims here too now?

People that do stupid things on their phone are the problem, regardless of age, race, gender, creed, etc etc etc. Its the equivalent of locking your front door but leaving the window next to it wide open.

[dentynefire]

Security...do you want security or usability you can't have both. I wonder if there will be a BB Balance type partitioned wallet for BB10?

[mikeo007]

This is not entirely correct. There is an app that will take files and sign/install them on a device with a dev certificate. It can take even legitimate files and do this. They are working on remote execution of this, and the app can easily be installed on a device that is not jailbroken. Only stumbling block at this point is that the app requires the equivalent of a dev token on the device to be initially installed. The walled garden is very good in most cases, but even that has its flaws.

You're right, there are alway possible exploits. Just like jailbreak me on older ios versions. But right now there's no exploit available, and the walled garden is an extra layer of "stupid proofing" (for lack of a better term.

But I will agree, as long as there's the desire to install packages from outside the App Store, there will be people trying to get around it.

[Sith_Apprentice]

You're right, there are alway possible exploits. Just like jailbreak me on older ios versions. But right now there's no exploit available, and the walled garden is an extra layer of "stupid proofing" (for lack of a better term.

But I will agree, as long as there's the desire to install packages from outside the App Store, there will be people trying to get around it.

See my earlier post, I am all about stupid proofing lol

[Sith_Apprentice]

Security...do you want security or usability you can't have both. I wonder if there will be a BB Balance type partitioned wallet for BB10?

Why would BB Wallet be partitioned? I would say that should be exclusively a personal function and never touch the work space.

[Rickroller]

As a default on Android, you can't install .apk's from "unknown sources" unless you manually decide to. So for the average user, this would not have been possible, because they would have gotten an error. However, if you're someone who has played around with the phone and rooted, rom'd etc, then chances are this would security feature would already have been disabled, which could/would leave you open to such an app.

[dentynefire]

Why would BB Wallet be partitioned? I would say that should be exclusively a personal function and never touch the work space.

What I mean is separated. I don't see why a Wallet couldn't be partitioned in the same way as Balance. I don't mean included with Balance but at the OS level it would be the same. Banking apps would appear only if you had the Wallet similar to enterprise apps only showing once Balance is used. That way no data from personal or work could transfer to the Wallet without a password prompt. Anyway after giving it way too much thought I maybe the app sand box is good enough?

[OniPod]

Security...do you want security or usability you can't have both. I wonder if there will be a BB Balance type partitioned wallet for BB10?

I believe you can have both Security and usability. You just have to be smart about it.

[Concession]

With BB10 you'd have to go full retard to fall for this.

1. Dload .bar on phone.
2. Transfer .bar to computer.
3. Sideload .bar

[Sith_Apprentice]

I believe you can have both Security and usability. You just have to be smart about it.

Security by definition will slow things down, the more you have the slower it gets. Think about full device encryption, fingerprint/retina scanning, more than 2 factor authentication etc etc etc. All of it slows down the end user experience. There is a balance though, and that is what we should go after.

[Sith_Apprentice]

With BB10 you'd have to go full retard to fall for this.

1. Dload .bar on phone.
2. Transfer .bar to computer.
3. Sideload .bar

Application must be signed as well or you have to use a debug token lol

[bk1022]

I believe you can have both Security and usability. You just have to be smart about it.

Agreed! Some people (not limited to people in this thread) blow me away. They are advocating reverting to a wild-west financial system where anything goes and the law isn't worth the paper it's written on. Mobile payments will be still-born if this isn't fixed.

[dentynefire]

All I was saying was that the people that clicked on the link essentially should have never been able to install malware. The malware took advantage of the users naivety or stupidity whatever your opinion is but 30,000 people fell for it. Security as a system (layered security) is not as good as being inherently secure. The focus in this thread maybe mobile but I wonder how many PCs were compromised?...Microsoft lol

[avt123]

As a default on Android, you can't install .apk's from "unknown sources" unless you manually decide to. So for the average user, this would not have been possible, because they would have gotten an error. However, if you're someone who has played around with the phone and rooted, rom'd etc, then chances are this would security feature would already have been disabled, which could/would leave you open to such an app.

Isn't it great when you know what you're doing?

[Xader]

People like this are the reason I have to wipe my father-in-law's hard drive every couple months.

He's one of those folks who clicks "ok" on anything that pops up on his screen.