WARNING Yahoo Mail APP linked to Android Botnet malware...

Discussion in 'Android Tablet Apps' started by janner43, Jul 7, 2012.

  1. janner43

    janner43 Member

    Joined:
    Jul 6, 2012
    Messages:
    21
    Likes Received:
    2
    Trophy Points:
    62
    Tablet / Device:
    tf101
    This warning only applies to the Yahoo Mail APP. It does NOT apply to using the webmail interface

    Yahoo! Mail for Android does not encrypt its communications by default – it performs all its functions over HTTP, not HTTPS. This means that any traffic that is sent by the Yahoo! Mail Android app can easily be intercepted over an open network connection such as a public WiFi network. This exposes Yahoo! Mail for Android to session hijacking.

    1. An attacker could sniff for Yahoo! Mail specific traffic on open WiFi networks

    2. Unsuspecting Android users that join the WiFi network check their email using default application settings

    3. The attacker intercepts a particular cookie and can use it to impersonate that user, over whatever networks are available to them, including by tethering to a mobile network

    - This allows the attacker to send spam emails that appear 100% legitimate.

    It is recommended that users of Yahoo! Mail for Android enable SSL within the application’s settings to protect themselves from this type of attack. From within Yahoo! Mail, simply open

    Options > General Settings and select ‘Enable SSL’.


    You have been warned

    Source: The Official Lookout Blog | UPDATE: Our Thoughts on the Android Spam “Botnet”
     
  2. Spider

    Spider Administrator Staff Member

    Joined:
    Mar 24, 2011
    Messages:
    15,413
    Likes Received:
    1,784
    Trophy Points:
    1,000
    Location:
    Chicago, IL
    Tablet / Device:
    NOOK Tablet Stock NOOKcolor Rooted/Flashed Nexus 7 (2013) 32GB Stock
    Thanks for the heads up Janner.
     

Share This Page