DroidForums.net | Android Forum & News


Researchers demo rootkit on android phone

techRob

Member
Wasn't sure if anyone else has read / seen / heard about this, but a co-worker pointed it out to me.

Researchers to demo rootkit on Android phone | Security Management | ZDNet UK

Security researchers plan to demonstrate a rootkit running on an Android-based smartphone that could give an intruder full access to all the functions of the device.


Nicholas Percoco and Christian Papathanasiou are scheduled to make the demonstration at the Defcon security conference in Las Vegas in July. The researchers, from security firm Trustwave, will show that the kernel-level rootkit is capable of reading the text messages on an Android phone, making unauthorized long-distance calls, and pinpointing the device's location via GPS, according to the conference program.


The malware is activated by an incoming call from a "trigger number," upon which it sends a shell to the attacker, allowing them administrative access via a 3G or Wi-Fi connection. A shell is a piece of software providing an interface to an operating system kernel.
The link posted at the top is to the full article about this.
 
I'm not really worried about this as it would take me installing the software on my phone (most likely with market apps or ROM flashing). I hesitate to believe that any of the major ROM devs would add this in their ROM, and I'm pretty careful with what I load on my phone. In any case, the SU app "should" provide an added level of security to our phones since it asks us whenever we want to allow something to have root access. I could be wrong on all this; it's based on my assumptions of how the rootkit is going to work, but in the long run I think that Google will patch any security hole found with this demonstration.
 
That's more or less what I was thinking too. My co-worker has a WinMobile6 phone, and likes to give me crap about my DROID, so he mentioned this to me today. I just shrugged it off for the most part. He can say what he wants about his phone being better...I know the truth - and that's all that matters.
 
"The malware is activated by an incoming call from a "trigger number," upon which it sends a shell to the attacker, allowing them administrative access via a 3G or Wi-Fi connection. A shell is a piece of software providing an interface to an operating system kernel." According to the article, all you have to do is answer the phone, but we don't know that these guys didn't already have an app installed that would respond to the number to activate the rootkit. So any of our ROM devs working on an AV?
 
From the sounds of it, it could be a malformed kernel (or they actually found a way to inject something into it)...and the software most likely sees the number and just autoresponds without the user having to do a thing. That's my take on it.

One of the problems, so I've read, is that rootkit scanners on the phone would take a TREMENDOUS amount of processing power to work accurately. I believe it's along those lines...
 