We're still not sure how hackers obtained sensitive photos from celebrities' phones in the massive privacy breach known as Celebgate. The attackers may have used a phishing attack, researched the answers to their security questions, or simply guessed their victims' passwords by brute force. But here is another possible avenue for hackers looking to grab private photos from targets' phones: a piece of malware, in the form of an Android game that surreptitiously downloads a user's photos.
A user on AnonIB, the image-based message board where the Celebgate photos were first publicly referenced, boasted in July that they had developed a knockoff version of the popular game Flappy Bird in order to secretly download and store a user's photos, reports The Guardian. "It now secretly downloads all of the phone's pictures to my server when the game is running," the user wrote, asking for a donation to defray the costs of getting the app in the Google Play store.
This app may never have made it into the app market, and even if it had, it probably wouldn't have done much damage. There are already more than 100 Flappy Bird clones, so any newcomer is unlikely to attract a lot of downloads. Google also polices its market for apps that look malicious.
However, it's a good reminder that apps can contain malware despite many layers of protection in the major mobile app stores — and that's especially true of games purporting to be Flappy Bird.