Thursday, April 03, 2014

Like Our Sailors Carry Smart Phones! Pshaw.

So malware can be pre-programmed into phones built in China? That could shorten the kill chain against our carriers considerably.

Huh Malware has been pre-installed on Android devices made in China:

"We're like, yeah, this isn't the real Netflix," Jevans said "You've got one that has been tampered with and is sending passwords and credit card information to Russia." ...

With the fake Netflix application, the organization told Marble Security the app was pre-installed when it bought the device. Marble Security then looked at devices from its other customers and found the problem was widespread. They found a fake version of Netflix on phones and tablets from at least four different manufacturers, Jevans said.

"We suspect for most of them, it is preinstalled," Jevans said.

Marc Rogers, principal security researcher with Lookout Mobile Security, said his company has seen instances of malware show up on new phones. Lookout found a variant of a family of Chinese malware on new devices imported on the gray market from China.

I've long wondered whether our work to break the kill chain for China's DF-21 anti-ship ballistic missiles to defend our expensive aircraft carriers could founder on a very simple bypass for that notional kill chain:

Let me offer a non-Manhattan Project-style and unconventional solution to China's targeting problem. What if Chinese agents placed a signalling device on the keel of an American aircraft carrier while in port? Or a homing device in the galley's coffee machine before it is installed? Or buried in the storage bins of some bulk product? What if the Chinese maneuvering ballistic missiles were designed to home in on the signal of such a device and the Chinese had a means to turn on the device when needed?

Or the Chinese could infect any of the computer chips installed on the many electronic devices on a carrier or escort.

But I was too limited in my thinking. Who says the Chinese have to carry out a James Bond operation to slip such a device in? Maybe the sailors bring them on?

Could the Chinese slip something into our carrier systems that would function as a homing beacon for a missile attack, eliminating the need to deploy surveillance and targeting systems for tracking our carriers at sea? What if a compromised chip could make a silent-running carrier emit in every frequency by just turning equipment on? The Chinese would only need to know the general area of a carrier and shoot blind, counting on the carrier itself to bring the missiles home. Shoot, just infect every iPod sold to make sure sailors take them on board a carrier and put emitters in them.

Could any infected Android phone with its own GPS-enabled navigation app be the means to locate and target a carrier?