FalseGuide is one of the worst things to happen to the Android platform in some time. This is a nasty piece of work. Effectively it is a class of malware that masquerades as a legitimate product guide. FalseGuide offerings are available in the Google Play store, so folks think it is vetted, but it’s not. Instead this malware takes over control of the Smartphone specifically to install additional malware and take control of the phone. Given the escalated privileges the user is tricked into providing there is very little the hostile remote hacker can’t do to the phone including install Malware, turn off any anti-virus product, and even Root the device potentially turning into an expensive brick.
But while this may be a disaster this is exactly the kind of problem BlackBerry phones and BlackBerry services were designed to prevent.
Let’s chat about FalseGuide and why it may be a perfect storm opportunity for BlackBerry.
The Big Android And Potential iOS Problem
At the heart of this malware scandal is the fact that his malware offering made it through the vetting process and the Google Play Store which at least suggests the same thing could happen in the similar Apple App Store. The issue here is most people for what has been a good reason, trust the various app stores to provide safe products and the smart ones know that side loading, which you can do on Android but not Apple, is very dangerous. This malware showcases you really can’t trust the app stores either.
In addition, this malware exploits the management features in the phones using escalated privileges to grant admin rights to the hostile entity that sourced the FalseGuide product. This means that the remote attacker can then install anything on the phone including root kits, which, once in are nearly impossible to detect and remove and can provide sustained access to every part of the device including data, cameras and microphones potentially turning them onto tools that can actively spy on their users but digitally and physically. Creating kind of a universal spying bug.
Legacy BlackBerry phones won’t even run the FalseGuide apps but here I’m really talking about the Android version of BlackBerry’s phone platform. This platform is the only one with DTEK an integrated comprehensive security tool that will identify compromise to the user so that the user is aware they have a problem. In addition, because a BlackBerry layer resides below the operating system the device is extremely resistant to being rooted making the phone potentially immune to this kind of attack.
So, alone, the BlackBerry Android devices may be the only modern Smartphones naturally immune to the kind of attack FalseGuide represents.
However, BlackBerry also sells an offering called UEM (United Endpoint Management) this is a policy rich offering that could prevent the assignment of rights like the Admiration rights that are core to the execution of the FalseGuide malware. Without the rights of an administrator much of the harm this kind of product can do is effectively blocked and rendered moot.
Also, being aware of the offerings, administrators could actively block their installation by policy effectively eliminating the ability of users to install them in the first place, and, on these controlled phones, side loading is also generally blocked by policy.
Wrapping Up: BlackBerry’s Perfect Storm
The FalseGuide Android problem represents a near perfect storm of problems starting with users tricked to install the thing, to the escalated privileges the malware grants itself, and ending with the capability of fully compromising the phone, its sensors, and all of the information it contains. The combination of BlackBerry’s new Android phones backed up by their UEM offering appears to be uniquely capable of addressing this serious threat showcasing why FalseGuide may be a perfect storm for BlackBerry.
This may also help to explain why the new BlackBerry KEYone phone is in such high demand they had to delay the release to make more of them.