Researchers demo rootkit on Android phone

Discussion in 'Android General Discussions' started by techRob, Jun 2, 2010.

  1. techRob
    Wasn't sure if anyone else has read / seen / heard about this, but a co-worker pointed it out to me.

    Researchers to demo rootkit on Android phone | Security Management | ZDNet UK

    The link posted at the top is to the full article about this.
  2. JonDenver'sCopilot
    I'm not really worried about this as it would take me installing the software on my phone (most likely with market apps or ROM flashing). I hesitate to believe that any of the major ROM devs would add this in their ROM, and I'm pretty careful with what I load on my phone. In any case, the SU app "should" provide an added level of security to our phones since it asks us whenever we want to allow something to have root access. I could be wrong on all this, it's based on my assumptions of how the rootkit is going to work, but in the long run I think that Google will patch any security hole found with this demonstration.
  3. techRob
    That's more or less what I was thinking too. My co-worker has a WinMobile6 phone, and likes to give me crap about my DROID, so he mentioned this to me today. I just shrugged it off for the most part. He can say what he wants about his phone being better...I know the truth - and that's all that matters.
  4. jrjomo
    "The malware is activated by an incoming call from a "trigger number," upon which it sends a shell to the attacker, allowing them administrative access via a 3G or Wi-Fi connection. A shell is a piece of software providing an interface to an operating system kernel." According to the article, all you have to do is answer the phone, but we don't know that these guys didn't already have an app installed that would respond to the number to activate the rootkit. So any of our ROM devs working on an AV?
  5. techRob
    From the sounds of it, it could be a malformed kernel (or they actually found a way to inject something into it)...and the software most likely sees the number and just autoresponds without the user having to do a thing. That's my take on it.

    One of the problems, so I've read, is that rootkit scanners on the phone would take a TREMENDOUS amount of processing power to work accurately. I believe it's along those lines...