Firefox OS is a mobile operating system based on Linux and Mozilla’s Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript.
After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available.
Shantanu Gawde, 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi.
Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device’s hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose.
Basically, there are two types of Firefox OS apps: packaged and hosted. Packed apps are essentially a zip file containing all of of an apps assets: HTML, CSS, JavaScript, images, manifest, etc.
Hosted apps are just a website is the application, means you can host the app on a publicly accessible Web server, just like any other website.
His demonstration will showcase the malware app developed by him using just HTML, CSS, and JavaScript, and capability to perform many malicious tasks remotely on the device i.e. Accessing SD Card Data, Stealing Contacts, downloading-uploading Files on device, Tracking Geological location of the user etc.
"The purpose of the PoC is of course to motivate developers to ensure better security on their platforms rather than providing inspiration to those with malicious intents." he told 'The Hacker News'.
