
Android Rootkit Is Just a Phone Call Away

Posted by samzenpus
from the dial-M-for-malware dept.
alphadogg writes "Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious 'rootkit' program they've written for Google's Android phone next month at the Defcon hacking conference in Las Vegas. Once it's installed on the Android phone, the rootkit can be activated via a phone call or SMS message, giving attackers a stealthy and hard-to-detect tool for siphoning data from the phone or misdirecting the user. 'You call the phone, the phone doesn't ring, and when the phone realizes that it's being called by an attacker's phone number, it sends him back a shell [program],' said Christian Papathanasiou, a security consultant with Chicago's Trustwave, the company that did the research."

  • Anti Virus? (Score:4, Insightful)

    by kobaz (107760) on Wednesday June 02, 2010 @09:46PM (#32440094)

    Is there going to be a huge market for antivirus software for cell phones within the next few years?

    • Re: (Score:2, Insightful)

      by grantek (979387)

      Well the Apple way of doing things would just be to yank any app that's discovered to have an active exploit, and maybe remote wipe it from phones, then probably disable any infected phones until the OS is reinstalled. If that works for the masses it could be a nightmare for Richard Stallman, because it'll probably spread from there to the desktop.

      • by zuzulo (136299)

        VirtualBox on Android. Why not?

        Or at least some sort of microkernel based virtualization ... forget about antivirus, firewalls, and all that noise. Just give me a fire and forget OS that is refreshed anew with each power cycle. My cell phone is *supposed* to be an appliance, after all. Keep the data on the network, and refresh the OS from a known good copy every time i turn it on ...

        Who am i kidding, there is too much money in OS vulnerabilities for this to ever fly ... ;-)

        • by debatem1 (1087307)
          There are two problems with this: first, the difficulty of implementing it (porting an existing system can basically be ruled out by the use of Bionic and the tight performance constraints), and secondly there's the problem where the phone's only defense is to power cycle constantly, which is just as bad as having malware on it in the first place. Neither of these is impossible to overcome, but it's hard enough that I decided not to pursue it something like a year ago, and I'm something of a project masochist.
    • Re:Anti Virus? (Score:5, Insightful)

      by v1 (525388) on Wednesday June 02, 2010 @09:56PM (#32440146) Homepage Journal

      Is there going to be a huge market for antivirus software for cell phones within the next few years?

      For every "unlocked" phone that allows you to install unsigned software, yes. That's the price you pay for unlocked hardware. There are exceptions to the rule, (OS X) but they are very few and far between.

      Protecting your users from bad people isn't really very difficult. (firewall) Protecting them from themselves, that's a trick. (AV software)

      I'm surprised we haven't seen a much faster rise in malware for unlocked phones in the last few years.

      • Re: (Score:3, Insightful)

        by Skuld-Chan (302449)

        Haven't read the article yet - so I wonder if this affects stock android phones. The default setting for android is not to install anything unsigned.

        • Re: (Score:2, Informative)

          by Anonymous Coward
          "Signed" in Android terms doesn't actually mean much. Developers self-sign their apps. The point? I really don't know. What you're talking about is the setting that allows users to install apps from sources other than the Market.
      • by Kingrames (858416)
        "I'm surprised we haven't seen a much faster rise in malware for unlocked phones in the last few years."

        The room does not become empty when you close your eyes.
        - Quote mangled from a joke taken from the Jargon File.
      • by grcumb (781340)

        For every "unlocked" phone that allows you to install unsigned software, yes. That's the price you pay for unlocked hardware.

        Can you explain precisely what you mean when you use the term 'unlocked'? You're almost certainly wrong no matter which sense you use it in, but I want to make sure I refute the proper argument. 8^)

        Okay, seriously: The valid part of your statement is your mention of 'unsigned software', which I take to mean the Microsoft approach of allowing all comers with little more than a 'caveat

      • Re:Anti Virus? (Score:5, Insightful)

        by MrHanky (141717) on Thursday June 03, 2010 @01:43AM (#32441474) Homepage Journal

        How exactly is OS X an exception? If you think OS X has effective protection against trojans and root kits, you're deluding yourself.

        • by node 3 (115640)

          How exactly is OS X an exception?

          Due to the notably disproportionate lack of spyware on the Mac.

          If you think OS X has effective protection against trojans and root kits, you're deluding yourself.

          It's strange that people seem to always bring this up when no one is making the claim that is supposedly being debunked.

          • Re: (Score:2, Insightful)

            by HappyClown (668699)

            For every "unlocked" phone that allows you to install unsigned software, yes. That's the price you pay for unlocked hardware. There are exceptions to the rule, (OS X) but they are very few and far between.

            How exactly is OS X an exception?

            Due to the notably disproportionate lack of spyware on the Mac.

            By that logic, if I leave my front door open year round yet don't get burgled, my home must be burglar proof!

          • by MrHanky (141717)

            You made the claim that OS X was a rare exception to the rule that unlocked hardware (sic) has a virus problem (or actually: that there is "a huge market for antivirus software" for such platforms). Yet this is blatantly untrue: hardly any OS except Windows (and the Amiga, back in the days) has a huge virus problem.

            And now you try to make the argument that OS X has little need for anti-virus software due to there being a disproportionate(?) lack of spyware for the platform. Spyware != virus, and a lack of

      • by knarf (34928)

        That's the price you pay for unlocked hardware. There are exceptions to the rule, (OS X) but they are very few and far between.

        Eh? Assuming that you are talking about the user installing software instead of the software installing itself without the user's approval, please elaborate why OS X is an 'exception to the rule'? If you install 'see dancing bunnies NOW' on anything Apple you're just as p0wn3d as you would be when you install it on anything else.

        And 'price you pay for unlocked hardware'? Bovine Excrement

      • by hitmark (640295)

        the osx "exception" is more a case of obscurity than by design.

        heck i think it's shown that osx has the worst security of any *nix out there.

    • by zonky (1153039)
      wait, you mean i have to trust the code i execute?
      • Re: (Score:3, Insightful)

        by FatdogHaiku (978357)

        wait, you mean i have to trust the code i execute?

        Only on devices you want to reliably and securely use...
        it's kind of like that rule about only flossing the teeth you want to keep.

        • by hitmark (640295)

          but can you trust the hardware?

          • As much as you can the network, I guess...
            So, no, probably not...
            Geez, I hope we don't end up having to go to RadioShack to get a cell phone kit and a tiny soldering iron tip.
    • Re: (Score:3, Insightful)

      by Totenglocke (1291680)
      I'd rather just see anti-virus software on PCs incorporate definitions for mobile phone viruses / rootkits as well - that way you can just run a virus scan once a week with your phone plugged into your computer and not have to worry about killing the battery life on your phone.
      • by SQLGuru (980662)

        Wait, you have to plug your phone into your computer? My WinMo phone syncs via Bluetooth (and if I had a data plan, would sync via the 3g).

        Actually Kaspersky has a mobile AV that's been available for a while: http://usa.kaspersky.com/products_services/mobile-security.php [kaspersky.com]

      • A cloud-enabled phone that's chained to the computer for security checks? I don't think that's a terribly good idea.

        Why can't the virus scanner on the phone just run itself once a week? Or once a night when it's plugged in? Or on-demand when new apps come in / websites load?

      • Re: (Score:3, Interesting)

        by mlts (1038732) *

        I'd like to see an antivirus scanner put into the fastboot or recovery image. This way, if a phone is rootkitted, someone can boot to the recovery, and run Tripwire like software which would catch unknown kernel modules, and for known malware signatures, a signature based AV would deal with those.

        However, let's be realistic: AV software is the absolutely last bastion of defense. Before malware can trip the AV software, the OS or application should have dealt with it by either ignoring it and forbidding it

      • by delinear (991444)
        But then how would the AV producers sell you the same product twice? Incidentally, to answer the original question about AV proliferating on mobile phones, there are already several products out there - I'm not sure what they actually do, since I've not heard of any mobile virii in the wild affecting these devices, I suspect they just scan for Windows virii to protect your OS when you hook up the phone as a mass storage device. I'm more than happy to install AV on my phone as and when someone demonstrates t
    • by oztiks (921504)

      I believe so, the value of commandeering a mobile phone and then using it for illegitimate financial gain is there, the possibilities are the same as Trojan on a PC, perhaps even more.

      A mobile Botnet being able to DoS targets with smartphones and it wouldn't be limited to just internet, it could be done with the phone/sms aspect as well.

    • Re: (Score:3, Insightful)

      by erroneus (253617)

      Don't jump to conclusions about this. A rootkit is not a virus and isn't necessarily malware at all depending on how it is applied and used.

      I could describe similar behaving software as an anti-theft and tracking function. Say someone steals my shiny new android phone and I want it back. Once I have some sort of access to the phone, I can ask it to take pictures and send them back to me. I can ask it to get a GPS read and send it back to me. I can ask it to get a log of activities such as options explo

      • by LingNoi (1066278)

        If this is going to work as an anti theft device activated by an sms or phone call how are you going to know which number to call? The first thing a criminal does when stealing your phone is to take the battery and sim out.

        • Re: (Score:3, Informative)

          by delinear (991444)
          Unless he wipes the OS too, there's already an app [trackdroid.org] that, when your sim card is replaced, will send you a text message or email with the GPS location of the phone. If you have it send a text message, you also get the number of the new sim, so you can go directly to the police with the (reasonably) exact location of the phone and the contact details of the registered purchaser of the sim.
      • by debatem1 (1087307)
        Amen. TFA implies- though it doesn't directly state- that this took root privs to install in the first place, at which point I don't need to remotely enable the malware- I've already got the ability to do whatever the hell I want.
      • by delinear (991444)
        Actually, there's already an App on the Android marketplace that does what you describe. I think you can call, email or SMS your mobile with a command that will enable a bunch of features, such as getting the GPS location via an online service, disabling or password protecting the phone or even triggering it to start beeping at full volume every time it's turned on. There's even an App which will check for the sim card being replaced and will alert you to the location of the phone when it's switched on. Oka
    • by Timmmm (636430)

      There is already an 'anti-virus' app in the Android market. It has many 5 star reviews, but seeing as there *are* no android viruses yet I assume it just pretends to scan your system and then says 'no viruses found' or something.

      • by delinear (991444)
        Of course, if you wanted people to think it was worth using, you'd occasionally flag up some "found 8 viruses, all successfully removed" kind of messages :)
  • Hacking mobiles (Score:2, Interesting)

    by lobf (1790198)
    Is hacking mobile phones a big business nowadays? Should we expect to see more security issues with our smartphones as they increase in popularity? I'm not being facetious, I come here because I don't know these answers.
    • It will be. (Score:4, Interesting)

      by maillemaker (924053) on Wednesday June 02, 2010 @10:06PM (#32440194)
      > Is hacking mobile phones a big business nowadays? Should we expect to see more security issues with our smartphones as they increase in popularity? I'm not being facetious, I come here because I don't know these answers.

      If it's not, it will be. Clearly there is big business to be made in compromising traditional computer systems today. In the early days (and I've been around computers since the TI99/4A) it seems that "viruses" were primarily made as a prank. But today the biggest threats seem to be botnets which are used for profit to either propagate spam and execute denial of service attacks through distributed means, or simply to skim valuable user account data off of the compromised systems. This is all far beyond the amateur pranks of old. It is now done for financial gain.

      Cell phones have rapidly become computers. All the benefits of compromising traditional computers will likely follow.
      • Re: (Score:2, Interesting)

        by maxwell demon (590494)

        Not only that. Attackers could get your phone banking credentials by just recognizing when you call a phone banking number, and then recording the initial part of your phone call and sending the files to the attacker. Remember, as much as smartphones are computers, they are still phones (in principle it could be done for VoIP on traditional computers, too, but I guess few people do phone banking over VoIP). In addition, they often are GPS appliances as well, so additionally an attacker could use them to tra

    • Re: (Score:2, Interesting)

      by Seth024 (1241160)
      That's certainly possible.

      The big problem I believe is that there are so many different operating systems (Symbian, iPhone OS, Android...) that all have a part of the market. Being able to write a virus/find a backdoor to control 90% of PCs is very profitable. Just like there are not many people writing viruses for Mac OS or Linux, there are not many viruses for mobile phones (yet).
      • Re: (Score:3, Interesting)

        by delinear (991444)

        I would have thought, if it was easy, it would certainly already be happening. The smartphone market might be small compared to a desktop OS like Windows, but the possibility for profit is much more immediate, since you have a device which can connect to premium services without any further need to obtain secure passwords or banking details, etc. from the owner. You just set up a premium number in a foreign locale, have the software wait until the phone is idling (on charge maybe, and not been touched for a

    • It used to be in the Symbian S60V2 era. These days as a result of commercial entities wanting to eliminate piracy and others wanting to make wads of cash through sales of certificates, your average cell phone is pretty much locked down. If you want to install an application capable of doing anything more complex than "Hello World" you'll need to have it signed first.

      That said, not all handsets are closed, the Nokia N900 comes with its own xterm right out of the box - root is just a 'sudo getroot' away : ) A

      • by TyFoN (12980)

        You can install unsigned applications on Android as well.
        But to install a rootkit (as described in TFA), first you need to find a telephone that is rooted and has a custom rom that has a custom kernel that enabled the loading of kernel modules. Then you need to get the user to actually install the trojan and click "yes" to the "do you want this to run as root". A person with a phone in that configuration is unlikely to click yes for a game or something like that anyway.

    • by erroneus (253617)

      A LOT of useful data on an individual could be collected from smart phones including where they do business and other commerce. So instead of sending out random spam/phishing emails that alert and confuse people because they don't have an account at "Bank of Whatever." They could identify, among other things, what banks and shops they have visited and then send them targeted attacks saying "your recent visit to has made you eligible for this special offer. Please go and sign up for and provide your pe

  • lol (Score:2, Interesting)

    by larry bagina (561269)
    Microsoft Talks Back To Google's Security Claims -- coincidence?
  • Google will fix it in 2.3 Sherbet.

    - T. Roll

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      It's not a bug. They say "once it's installed." This isn't a rootkit, it's just an app that responds to incoming calls (anyone can do this now). There would still need to be an exploit to get the app installed in the first place. The title is certainly a little misleading.

    • by FunkyELF (609131)

      I don't see what there is to fix.
      The nice thing about an open platform is that you can install anything you want.
      Just un-check the box that only lets you install from trusted sources.
      The article simply said "Once it's installed on the Android phone".
      Later on it said it ran as a kernel module. I bet this is only installable voluntarily by someone with a rooted phone anyway and I say if the user wants to install a root-kit, let them install a root-kit.

  • by Anonymous Coward on Wednesday June 02, 2010 @09:51PM (#32440122)

    ...which could let the hacker get access.

    I am an Android developer--- and this article is fail. If a user just installs whatever app--- giving it whatever permissions to their phone.. how is this any different from a stupid user installing an app on their PC/MAC that has a trojan built in?

    And the ability to "listen" for a call is called a BroadcastReceiver. It's nothing special or hackish. Think a trigger ruleset for Android like you have for your mail client.

    Good god.
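
The app-level trigger described in the comment above (a receiver registered for incoming-call or SMS broadcasts) is visible in an app's manifest, so it can be audited before install. The following is an added example, not part of the original discussion; it assumes the manifest has already been decoded to plain XML, and the package names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Broadcast actions sent on call-state changes and incoming SMS, mapped to the
# permission an app must hold before Android will deliver them to it.
TRIGGER_ACTIONS = {
    "android.intent.action.PHONE_STATE": "android.permission.READ_PHONE_STATE",
    "android.provider.Telephony.SMS_RECEIVED": "android.permission.RECEIVE_SMS",
}

# Permissions that let a triggered receiver move data off the device.
EXFIL_PERMISSIONS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

# Constructed sample: decoded manifest of a hypothetical game.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.towerdefense">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsListener">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallListener">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: an app that uses the network but has no call/SMS trigger.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootListener">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def audit_manifest(xml_text):
    """Return the call/SMS-triggered receivers an app declares statically.

    Receivers registered at run time (registerReceiver) never appear in the
    manifest, so an empty result is not proof that no trigger exists.
    """
    root = ET.fromstring(xml_text)
    held = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = []
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID_NS + "name", "?")
        for flt in receiver.iter("intent-filter"):
            try:
                priority = int(flt.get(ANDROID_NS + "priority", "0"))
            except ValueError:
                priority = 0
            for action in flt.iter("action"):
                act = action.get(ANDROID_NS + "name")
                if act in TRIGGER_ACTIONS:
                    findings.append({
                        "receiver": name,
                        "action": act,
                        # Above the default 0, the receiver asks to run before
                        # other apps' receivers on ordered broadcasts.
                        "priority": priority,
                        "permission_held": TRIGGER_ACTIONS[act] in held,
                    })
    return {
        "package": root.get("package"),
        "findings": findings,
        "exfil_permissions": sorted(held & EXFIL_PERMISSIONS),
    }


def risk_level(report):
    """Coarse triage: a live trigger plus a way to send data out is 'high'."""
    live = [f for f in report["findings"] if f["permission_held"]]
    if not live:
        return "low"
    return "high" if report["exfil_permissions"] else "medium"


if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        report = audit_manifest(manifest)
        print(report["package"], risk_level(report), report["findings"])
```

A "high" result only says the app can react to calls or SMS and reach the network; many legitimate dialer and messaging apps match, so it is a prompt for review rather than a verdict.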

    • Yep, it's a trojan.

      From FTFA:

      Once it's installed on the Android phone, the rootkit can be activated via a phone call or SMS (short message service) message, giving attackers a stealthy and hard-to-detect tool for siphoning data from the phone or misdirecting the user. "You call the phone, the phone doesn't ring, and when the phone realizes that it's being called by an attacker's phone number, it sends him back a shell [program]," said Christian Papathanasiou, a security consultant with Chicago's Trustwav

      • Responding on behalf of the parent, the software has to be installed first. Manually.

        Now sure, someone borrowing your phone might do it, but the software has to get onto your phone and be permitted to make these changes first.

        This type of rootkit already exists in the form of phone locator software.

    • Re: (Score:3, Interesting)

      by AndroidCat (229562)

      (If they can rootkit my Milestone down past the locked loader, I want to know how! [Yeah, of course I got an Android phone, it was .. destiny.])

      Odds are there are far more stupid "smartphone" users than PC/Mac ones.

      Want to tap virgin pools of stupidity? There's an app for it!

    • by SQLGuru (980662)

      All it takes is one cool app that people want (say, a really cool free Tower Defense game) that incorporates the Trojan. The point of the Trojan is that it pretends to be something you want to get you to install it. Until someone figures out that it's a Trojan, it'll spread like wildfire.

    • by mlts (1038732) * on Wednesday June 02, 2010 @10:37PM (#32440352)

      Even if a user gives permissions, they may get their account and messages compromised, but unless there is an exploit the malware uses that isn't known by the modding/rooting community, there is NO WAY that something installed as an APK in a user account on a phone is going to be able to get root access to drop in a kernel module. Even if it did, phones like the Motorola Milestone have signed Linux kernels and are not built with the ability to load modules, so all it would do is nothing or cause the phone to bootloop.

      Don't forget, that a lot of kernels on Android phones are built monolithic and not allowing kernel extensions. A custom kernel that is explicitly built to allow .ko files on a G1 is likely what is needed for this exploit.

      I can see three ways that this kernel rootkit (which is nothing new -- there have been Linux kernel modules for rootkits since the late 1990s) can get on an Android device, and all three require a rooted phone:

      1: The app masquerades as a root utility. There are some utilities which are very useful for rooted phones. Droidwall, Autostarts, Wireless Tether, Wired Tether, root explorer, Titanium Backup, SQLite Editor, and a terminal emulator are must have utilities, because they add a lot of useful functionality. I can see a utility masquerading as something useful for rooted phones, getting installed, then going to town on the phone, replacing BusyBox with a utility that hides the rootkit, opening up a command port, and so on.

      2: Some malware is put on a custom ROM. This would kill the custom modding scene as we know it if this happens, and makes me wish that people who "cook" ROMs would PGP or gpg sign the images, so a determined blackhat would not be able to tamper with things.

      3: An app gets access to the SD card, manages to alter nandroid backups on the card and/or add an update.zip file which is signed, and then runs an update. This way, the malware package would be sucked in implicitly.

      So, for the average user with Android, a rootkit isn't going to happen unless it uses an exploit, and these days, RAMDLD exploits and such are rare for phones.

      • by toadlife (301863)

        This would kill the custom modding scene as we know it if this happens, and makes me wish that people who "cook" ROMs would PGP or gpg sign the images, so a determined blackhat would not be able to tamper with things.

        It wouldn't kill the scene, but it would certainly encourage ROM makers to provide checksums for/sign their releases and not preconfigure the OS to be so promiscuous.

        I cook my own Windows Mobile ROMs and sign every custom exe and dll that I insert into the ROM with my own self-generated cert and pre-configure the OS to trust that cert. Most (Windows Mobile) ROM makers just configure the OS to allow unsigned apps by default.

        Your idea is a good one. If/when I decide to release my ROM, I will provide checksums

        • by mlts (1038732) *

          It sounds like you know what you are doing and are able to cook ROMs worth downloading. I just think that because compromising phones is so lucrative [1] that it will only be a matter of time before the modding community (be it Windows Mobile, Android, jailbroken iPhone utilities, even the N900) will be strongly hit by this. This is why I like the idea of PGP/gpg signing ROMS, and perhaps urging a popular modding forum (xda-developers, modmymoto, etc.) to sign and store copies of developers' PGP/gpg keys

      • by ady1 (873490) *
        I agree with the major part of your post except one small discrepancy. Milestone does not have a monolithic kernel. In fact, none of the android devices do. Simply because a lot of the underlying device drivers are proprietary while the Linux kernel is GPL, so module support is a must. Just an example of a third-party module with stock kernel: http://code.google.com/p/milestone-overclock/ [google.com]
    • Something being "special or hackish" doesn't matter, as long as it works. The only reason to use convoluted-but-well-known methods instead of the platform API is to dodge security; there is no reason to do such things if there's nothing to dodge.
    • by khchung (462899) on Thursday June 03, 2010 @01:26AM (#32441386) Journal

      I am an Android developer--- and this article is fail. If a user just installs whatever app--- giving it whatever permissions to their phone.. how is this any different from a stupid user installing an app on their PC/MAC that has a trojan built in?

      And that's exactly why you and many /.ers cannot see the value proposition of the iPhone. For you, the Android phone is just a smaller PC, a general purpose computer, so if a user doesn't know enough not to install trojans, that's the user's problem.

      But to the users, the phone is an appliance that is used daily and contains lots of private information. The last thing I want is for it to crash or get a trojan leaking my data. If the cost of that is I have to subject to Apple's arbitrary rules, cannot run flash, may miss out a few "cool" apps, and may not use the hardware to the fullest possibility, then so be it. I would still be using a 2G dumb phone if none of the phones in the market can give me that value.

      Similarly, I gladly accept the restrictions on my PS3 in exchange for eliminating most kinds of cheating (aimbots, etc) in online multiplayer games.

      As a user, I don't care if I am not using the hardware to the fullest possibility, what I care is what kind of value proposition the product is giving me.

      • Re: (Score:3, Insightful)

        by delinear (991444)
        What evidence do you have that it's any more or less difficult to execute this kind of attack against the Android over the iPhone? Both have locked down market places where regular users go for all of their app needs, the only difference is that more advanced users can install code from outside the market place on the Android. The kind of users who go to these lengths tend to have a bit more technical savvy, and would likely be the type of people who would jailbreak their iPhone anyway, exposing it to the s
        • by khchung (462899) on Thursday June 03, 2010 @08:25AM (#32443698) Journal

          You missed the point. General users don't care about what advanced users cannot do. If you want a phone that you can install whatever you want, don't buy the iPhone.

          Secondly, whether by genius, pure luck, reality distortion field, crazy app store policy or whatever, Apple has successfully created the iPhone as a platform that can consistently deliver the intended appliance-like user experience.

          In contrast, it doesn't matter that you can write 2 papers or win every Slashdot argument that the Android is, in theory, just as secure as the iPhone. When users cannot buy from the app store because their country is not supported, when users can only install pirated apps because of that (and thus opening the opportunity for trojans), and when apps their friends told them about are invisible because of a different OS version, it erodes the user's experience.

          Added on that, you got developers who think a user installing a trojan is his own fault, implying the user is responsible for learning to use the phone as a general purpose PC, then the phone failed to behave as an appliance, it lost its value for users looking for an appliance.

      • by Pharmboy (216950) on Thursday June 03, 2010 @07:44AM (#32443288) Journal

        Similarly, I gladly accept the restrictions on my PS3 in exchange for eliminating most kinds of cheating (aimbots, etc) in online multiplayer games.

        But you are a different kind of user, just as iPhone customers are different than Android customers. Some of us WANT to tweak with the phone/system a bit and are willing to pay the price, i.e. higher likelihood of issues and higher maintenance. This is the same reason I prefer PC games over console games.

        You don't have to be an uber hacker, or even a programmer, to appreciate the ability to tweak things. For you, the phone (or gaming console) is an "appliance". To me, my phone and computers are "tools", which can be sharpened, changed, upgraded, and sometimes broken. It is just a difference in expectations. I'm picking up my first Android in a week. The main reason I am getting one is to be able to ssh into my Linux servers and manage them from anywhere, and I mean anywhere. That doesn't sound like something you would do.

  • by Technomancer (51963) on Wednesday June 02, 2010 @09:57PM (#32440152)

    From TFA: "The rootkit could also track a victim's location or even reroute his browser to a malicious Web site."
    Really? And then what? The malicious website will install another worse rootkit?
    It has rootkit! The phone is compromised, all the information you have on it is potentially leaked and the phone doesn't belong to your carrier anymore (it never belonged to you, you realize that, right?) it belongs to the rootkit operator. The only cure is to either flash it with fresh OS or burn it with fire.

    • by fermion (181285)
      I agree that for the most part such a rootkit would be more of an annoyance than anything else. Most people don't do serious work on their phones, and so bank passwords and the like should not be an issue. However even annoyances can be an issue. Remember when everyone was up in arms because malicious web sites would substitute or create additional advertising? Remember when everyone had a 'helper' browser plugin that would display pop ups and track all your web browsing then send all that data to adverti
    • by Fumus (1258966)

      the phone doesn't belong to your carrier anymore (it never belonged to you, you realize that, right?) it belongs to the rootkit operator.

      I don't know about you, but I buy my phones myself. It's always cheaper than if I got it on contract and had to pay an X amount of money over Y years.

  • by AC-x (735297) on Wednesday June 02, 2010 @10:10PM (#32440224)

    The headline makes it sound like you can get infected with a root kit from a phone call which is nothing like what's being said, what a load of sensationalist bollocks.

    Why would you even want to activate a root kit via a phone call? The phone's got a permanent internet connection so it may as well just poll a server for commands.

    • Re: (Score:3, Insightful)

      by Xest (935314)

      Yep, I'm trying to figure out what exactly the point of this demonstration is.

      It's like the guy in question has just figured out that you can write software that does bad things, not just good things, and so has written a piece to demonstrate this.

      What can be done is irrelevant, we already know what can be done, the problem is doing it, and that needs an attack vector, ideally a remotely exploitable one for the "best" hacks, and this guy hasn't found any.

      I'm not even sure it serves as an example of the futu

  • by Anonymous Coward on Wednesday June 02, 2010 @10:12PM (#32440238)

    You call the phone, the phone doesn't ring, and when the phone realizes that it's being called by an attacker's phone number, it sends him back a shell

    And then he can make the phone emit lasers that will kill your dog and drive your car into a wall!

    *sigh*

    The thing about a rootkit is that you need root before it works.

    Installing an app from Market (or anywhere else) won't do it.

    So.. in order for this to be a threat, the attacker would have to convince the user to root their phone (potentially bricking it), install their trojan app, then give that app root access.

    While there may be stupid people around, the number of stupid people who would root their phone, to install an app, and give that app root access, and not know that this is a stupid thing to do is minuscule (and IMHO those that would deserve everything they get.)

    This is a total non-issue.

    • or an exploit to escalate privileges to root. :)

    • The thing about a rootkit is that you need root before it works.

      Installing an app from Market (or anywhere else) won't do it.

      So.. in order for this to be a threat, the attacker would have to convince the user to root their phone (potentially bricking it), install their trojan app, then give that app root access.

      While there may be stupid people around, the number of stupid people who would root their phone, to install an app, and give that app root access, and not know that this is a stupid thing to do is minuscule (and IMHO those that would deserve everything they get.)

      This is a total non-issue.

      Why would you even need root? Just make a trojaned dialer replacement app. There are plenty of dialer apps out there already because the default Android one is rather crappy. Then you'd have access to all the contacts on the phone and the ability to send and receive calls and text messages. The user would have to grant you permission at first, but obviously they'd have to do that for any dialer app.

      As for spam? Anything like a webmail app to a multi-inbox like Slidescreen (which grabs messages from Fac

  • sooo. yeah? (Score:5, Insightful)

    by Eil (82413) on Wednesday June 02, 2010 @10:14PM (#32440252) Homepage Journal

    I'm not trying to belittle these guys' security research or anything, but why is it surprising that you can whip up a rootkit which runs on a phone? Anything with a CPU can have backdoors made for it. The hard part has always been getting the backdoors onto arbitrary devices without the owner knowing about it.

    Engineer a computer which can be proven secure and then I'll be impressed.

    • by ady1 (873490) *
      A rootkit is a program. To make a computer truly secure, you need to remove the ability to run programs. Thus, you need a computer which isn't a comp.... errr never mind.
  • Film at 11.

    These guys installed a fucking KERNEL MODULE into that system. Well, they can make it receive calls, or they can make it play fucking tetris. It's code. You can write whatever you want, and execute it however you want, if you have access!

    Being able to run code in a given processor is NOT AN EXPLOIT, it's just basic functionality. If I got ahold of your computer, installed a CD drive in it, erased your OS, then installed Ubuntu on it, and used that to play tetris, is that considered a vulnerability too?

    It would be a vuln if they had the ability to install that fucking rootkit without physical access to the phone. That's the hard part.

    Article is FUD and submitter is trolling. 0/10

    • Re: (Score:2, Interesting)

      by GNUALMAFUERTE (697061)

      Sorry to reply to myself, but this ridiculous "research" comes out a day after Google announces it's ditching Windows because it's insecure. Anyone smell Microsoft behind this "independent research"?

      • by Mark19960 (539856)

        Or Apple.
        There has been a lot of FUD like this lately.

        If they target the modding community someone will spot this VERY fast.
        If they get this on 10 phones without the owner knowing I would be shocked.

        They can do the same to iPhones so like you said, article fails.
        Better yet, take the article and replace android with iPhone OS and now you have Apple FUD.

        • by delinear (991444)
          I don't think Apple or MS benefit greatly from this, okay it specifically talks about Android phones, but some mud is bound to stick to them, too. Following the money would suggest AV vendors, who for years have been unable to make much headway selling AV solutions to Linux or OSX users, are suddenly worrying about the possible move to mobile devices which primarily use systems which haven't been subject to masses of viruses. On the horizon, mobiles with tethered devices for applications which require more
      • by D H NG (779318)
        Google announced no such thing. It's a news story from the Financial Times that Google neither confirmed nor denied.
  • by smart_ass (322852) on Wednesday June 02, 2010 @11:18PM (#32440564)

    If I get physical access to your phone I can install something that can steal all your contact info and CC #s ...
    How about I steal the phone, steal the info and then reset the phone and use it myself ... no Rootkit required?

    What the hell ... how is this news?

    Slow day on /.

    • by Fnord666 (889225)

      What the hell ... how is this news?

      Apparently it's news to samzenpus, which doesn't say much for the editorial staff here.

      • by delinear (991444)
        It contains the magic ingredients: a product by a popular or well known brand and the word "rootkit". There's probably an automated system to just greenlight all such stories without an editor ever having to intervene.
  • by mallyone (541741) on Wednesday June 02, 2010 @11:31PM (#32440654)
    Should read: Android rootkit is just a fud call away.
  • Sure the researcher had to write a kernel module etc etc... but how does most malware get on people's computers? They inadvertently install it because they want IM icons, funny sounds, animated pointers etc etc. So what's to say someone doesn't write some Android application that appears to be harmless yet everyone wants it, then mom/dad/grandma install it?

    I would be more impressed if the researcher found a way to get rootkit software through Apple's auditing process.

    While I'm no Apple fanboy, I would think

    • by delinear (991444)
      Of course anyone could write such an application. It won't have root, though, and it will have to flag up a message specifically requesting access to every process it needs to use at the point of install. If the application can survive not being spotted by someone technically competent and can convince a user that a nice icon pack needs access to their phone's dialling ability, then fair enough, there's not a lot you can do to mitigate this besides locking everything down and vetting everything. If this eve
  • Ahh...open source cell phones give me that wonderful, fuzzy, anti-establishment, broke ex-husband living in a 1 room apartment feeling.
  • Physical Access (Score:2, Insightful)

    by slater86 (1154729)
    Once it's installed on the Android phone

    One would assume that if you had physical access to most equipment, it's usually game over anyway. No more vulnerable than a netbook really (both being more portable than desktops). Just more people have phones.
  • Okaaaaaaay. What's the point of this article?

    "Once it's installed" ...

    There's no description or indication of a specific exploit that can be leveraged. In fact the entire premise doesn't require an exploit at all.

    You know, once I light a match and burn my phone, it will be burnt! Good grief.

  • Once it's installed on the Android phone....

    samzenpus. You are a fucking idiot. Attention! Once the fucking idiot program is installed into samzenpus's cpu he will become a fucking idiot. Too late.

  • So you are saying if I install software on a computer, said software can react to incoming data? Their (sic) should be a law against these sort of things!

    Coming up next: Man hits self with hammer; feels pain.

    PS: Yes, a phone number tends to stay associated with a device which is not true for IPv4. That might or might not change with IPv6.
