Researchers demo rootkit on android phone

[techRob]

Wasn't sure if anyone else has read / seen / heard about this, but a co-worker pointed it out to me.

Researchers to demo rootkit on Android phone | Security Management | ZDNet UK

Security researchers plan to demonstrate a rootkit running on an Android-based smartphone that could give an intruder full access to all the functions of the device.


Nicholas Percoco and Christian Papathanasiou are scheduled to make the demonstration at the Defcon security conference in Las Vegas in July. The researchers, from security firm Trustwave, will show that the kernel-level rootkit is capable of reading the text messages on an Android phone, making unauthorized long-distance calls, and pinpointing the device's location via GPS, according to the conference program.


The malware is activated by an incoming call from a "trigger number," upon which it sends a shell to the attacker, allowing them administrative access via a 3G or Wi-Fi connection. A shell is a piece of software providing an interface to an operating system kernel.

The link posted at the top is to the full article about this.

 

[JonDenver'sCopilot]

I'm not really worried about this as it would take me installing the software on my phone (most likely with market apps or ROM flashing). I hesitate to believe that any of the major ROM devs would add this in their ROM, and I'm pretty careful with what I load on my phone. In any case, the SU app "should" provide an added level of security to our phones since it asks us whenever we want to allow something to have root access. I could be wrong on all this, its based on my assumptions of how the rootkit is going to work, but in the long run I think that google will patch any security hole found with this demonstration.

 

[techRob]

That's more or less what I was thinking too. My co-worker has a WinMobile6 phone, and likes to give me crap about my DROID, so he mentioned this to me today. I just shrugged it off for the most part. He can say what he wants about his phone being better...I know the truth - and that's all that matters. dancedroid

 

[jrjomo]

"The malware is activated by an incoming call from a "trigger number," upon which it sends a shell to the attacker, allowing them administrative access via a 3G or Wi-Fi connection. A shell is a piece of software providing an interface to an operating system kernel." According to the article, all you have to do is answer the phone, but we don't know that these guys didn't already have an app installed that would respond to the number to activate the rootkit. So any of our ROM devs working on an AV?

 

[techRob]

From the sounds of it, it could be a malformed kernel (or they actually found a way to inject something into it)...and the software most likely sees the number and just autoresponds without the user having to do a thing. That's my take on it.

One of hte problems, so I've read, is that rootkit scanners on the phone would take a TREMENDOUS amount of processing power to work accurately. I believe its' along those lines...