Tuesday, June 01, 2010

Android Rootkit is Just a Phone Call Away

Robert McMillan writes on ComputerWorld:

Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious "rootkit" program they've written for Google's Android phone next month at the Defcon hacking conference in Las Vegas.

Once it's installed on the Android phone, the rootkit can be activated via a phone call or SMS (short message service) message, giving attackers a stealthy and hard-to-detect tool for siphoning data from the phone or misdirecting the user. "You call the phone, the phone doesn't ring, and when the phone realizes that it's being called by an attacker's phone number, it sends him back a shell [program]," said Christian Papathanasiou, a security consultant with Chicago's Trustwave, the company that did the research.

The hard part of writing an Android rootkit is figuring out how to take advantage of new mobile features while making sure the software runs smoothly on the new platform, Papathanasiou said.

Because the rootkit runs as a module in Android's Linux kernel, it has the highest level of access to the Android phone and can be a very powerful tool for attackers. For example, it could be used to reroute a victim's 911 calls to a bogus number. The rootkit could also track a victim's location or even reroute his browser to a malicious Web site. "Because we interface with the kernel, the opportunities to abuse this are limitless," Papathanasiou said.

More here.


At Thu Jun 03, 12:06:00 AM PDT, Anonymous Anonymous said...

Holy misleading headlines, Batman!

The headline implies that an Android phone can be compromised simply by calling the wrong number (or worse, receiving the wrong inbound call).

I guess something like:

"New C&C channels for cell rootkit
(including secret inbound calls,

would be too factual?

I'm not blaming the blogger, but the original publication editors. What chumps.


Post a Comment

<< Home