Yahoo! mail app may be behind Android spam

Powered by SC Magazine
 

Doubt on botnet theory.

Researchers have turned up new evidence that reveals a vulnerability in the Yahoo Android mail client may have been behind spam messages originally suspected to have been sent by an Android botnet.

Earlier this month, Microsoft researcher Terry Zink reported finding spam samples that appeared as though they'd been sent by compromised Android devices. He said the email headers on these messages indicated they'd been sent from mobile devices.

However, Google denied the possibility of an Android botnet and argued the spammers were using infected PCs to spoof messages in order to bypass email filters.

The latest research from Trend Micro and Lookout Mobile Security indicates that the vulnerability actually may lie in the Yahoo Mail application for Android.

A vulnerability in this app could allow attackers to gain access to a user's Yahoo Mail cookie, Weichao Sun, a mobile threats analyst at Trend Micro, said Monday in a blog post.

With that cookie, an attacker could compromise the Yahoo Mail account and send out specially crafted messages. This bug also grants the attacker access to the user's inbox and messages, Sun said.

The issue appears to be in how Yahoo's Android mail client transmits data. Researchers at Lookout Mobile Security reported the app did not encrypt its communications by default. All traffic being sent by the app were being transmitted using "HTTP" protocol rather than the secure "HTTPS" protocol, researchers said in a Lookout blog post.

"Any traffic that is sent by the Yahoo Mail Android app can easily be intercepted over an open network connection such as a public WiFi network," they wrote in the post.

An attacker could sniff for Yahoo Mail-specific traffic on open wireless networks and then intercept a cookie to impersonate that user, Lookout said. Session hijacking was a "very plausible explanation" for why the messages looked as if they had been sent from mobile devices.

Android users can enable SSL within the app's General Settings to force all communications to be encrypted, according to Lookout.

Yahoo has been informed about the vulnerability, but the company hasn't commented on the flaw or offered a timeline of possible fixes. Trend Micro, meanwhile, plans to post a technical analysis of the vulnerability.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Yahoo! mail app may be behind Android spam
Tags
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 643

Vote