Yahoo! mail app may be behind Android spam

Powered by SC Magazine
 

Doubt on botnet theory.

Researchers have turned up new evidence that reveals a vulnerability in the Yahoo Android mail client may have been behind spam messages originally suspected to have been sent by an Android botnet.

Earlier this month, Microsoft researcher Terry Zink reported finding spam samples that appeared as though they'd been sent by compromised Android devices. He said the email headers on these messages indicated they'd been sent from mobile devices.

However, Google denied the possibility of an Android botnet and argued the spammers were using infected PCs to spoof messages in order to bypass email filters.

The latest research from Trend Micro and Lookout Mobile Security indicates that the vulnerability actually may lie in the Yahoo Mail application for Android.

A vulnerability in this app could allow attackers to gain access to a user's Yahoo Mail cookie, Weichao Sun, a mobile threats analyst at Trend Micro, said Monday in a blog post.

With that cookie, an attacker could compromise the Yahoo Mail account and send out specially crafted messages. This bug also grants the attacker access to the user's inbox and messages, Sun said.

The issue appears to be in how Yahoo's Android mail client transmits data. Researchers at Lookout Mobile Security reported the app did not encrypt its communications by default. All traffic sent by the app was being transmitted using the "HTTP" protocol rather than the secure "HTTPS" protocol, researchers said in a Lookout blog post.

"Any traffic that is sent by the Yahoo Mail Android app can easily be intercepted over an open network connection such as a public WiFi network," they wrote in the post.

An attacker could sniff for Yahoo Mail-specific traffic on open wireless networks and then intercept a cookie to impersonate that user, Lookout said. Session hijacking was a "very plausible explanation" for why the messages looked as if they had been sent from mobile devices.

Android users can enable SSL within the app's General Settings to force all communications to be encrypted, according to Lookout.
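
The following is an added example, not code from the article, Lookout or Trend Micro. It shows one way to audit a test-proxy capture of your own app's traffic for the condition Lookout describes: requests that carry session cookies over plain HTTP. The capture, host names and cookie names are constructed placeholders.

```python
from email.parser import BytesParser
from http.cookies import SimpleCookie

# Constructed sample capture from a test proxy: (scheme, raw HTTP request).
# Host names and cookie names are placeholders, not real Yahoo values.
SAMPLE_CAPTURE = [
    ("http", b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
             b"Cookie: SESSION=abc123; lang=en\r\n\r\n"),
    ("https", b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
              b"Cookie: SESSION=abc123\r\n\r\n"),
    ("http", b"GET /logo.png HTTP/1.1\r\nHost: static.example.test\r\n\r\n"),
]

def parse_request(raw):
    """Split a raw request into (method, path, headers)."""
    request_line, _, header_block = raw.partition(b"\r\n")
    method, path, _version = request_line.decode("ascii").split(" ", 2)
    headers = BytesParser().parsebytes(header_block)
    return method, path, headers

def cleartext_cookie_findings(capture):
    """Return one finding per request that sent cookies without TLS."""
    findings = []
    for scheme, raw in capture:
        if scheme != "http":
            continue  # cookies inside TLS are not exposed on the wire
        _method, path, headers = parse_request(raw)
        cookie_header = headers.get("Cookie")
        if not cookie_header:
            continue  # cleartext, but no session material attached
        jar = SimpleCookie()
        jar.load(cookie_header)
        findings.append({
            "host": headers.get("Host", ""),
            "path": path,
            "cookies": sorted(jar.keys()),  # report names only, never values
        })
    return findings

if __name__ == "__main__":
    for f in cleartext_cookie_findings(SAMPLE_CAPTURE):
        print(f"cleartext cookies to {f['host']}{f['path']}: {f['cookies']}")
```

Any finding means the session can be read by anyone on the same open network, which is the situation the SSL setting above is meant to close.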

Yahoo has been informed about the vulnerability, but the company hasn't commented on the flaw or offered a timeline of possible fixes. Trend Micro, meanwhile, plans to post a technical analysis of the vulnerability.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

