Yahoo! mail app may be behind Android spam

Powered by SC Magazine
 

Doubt on botnet theory.

Researchers have turned up new evidence that reveals a vulnerability in the Yahoo Android mail client may have been behind spam messages originally suspected to have been sent by an Android botnet.

Earlier this month, Microsoft researcher Terry Zink reported finding spam samples that appeared as though they'd been sent by compromised Android devices. He said the email headers on these messages indicated they'd been sent from mobile devices.

However, Google denied the possibility of an Android botnet and argued the spammers were using infected PCs to spoof messages in order to bypass email filters.

The latest research from Trend Micro and Lookout Mobile Security indicates that the vulnerability actually may lie in the Yahoo Mail application for Android.

A vulnerability in this app could allow attackers to gain access to a user's Yahoo Mail cookie, Weichao Sun, a mobile threats analyst at Trend Micro, said Monday in a blog post.

With that cookie, an attacker could compromise the Yahoo Mail account and send out specially crafted messages. This bug also grants the attacker access to the user's inbox and messages, Sun said.

The issue appears to be in how Yahoo's Android mail client transmits data. Researchers at Lookout Mobile Security reported that the app did not encrypt its communications by default. All traffic sent by the app was being transmitted using the "HTTP" protocol rather than the secure "HTTPS" protocol, researchers said in a Lookout blog post.

"Any traffic that is sent by the Yahoo Mail Android app can easily be intercepted over an open network connection such as a public WiFi network," they wrote in the post.

An attacker could sniff for Yahoo Mail-specific traffic on open wireless networks and then intercept a cookie to impersonate that user, Lookout said. Session hijacking was a "very plausible explanation" for why the messages looked as if they had been sent from mobile devices.

Android users can enable SSL within the app's General Settings to force all communications to be encrypted, according to Lookout.

Yahoo has been informed about the vulnerability, but the company hasn't commented on the flaw or offered a timeline of possible fixes. Trend Micro, meanwhile, plans to post a technical analysis of the vulnerability.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

