
Android Rootkit Is Just a Phone Call Away

Posted by samzenpus
from the dial-M-for-malware dept.
alphadogg writes "Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious 'rootkit' program they've written for Google's Android phone next month at the Defcon hacking conference in Las Vegas. Once it's installed on the Android phone, the rootkit can be activated via a phone call or SMS message, giving attackers a stealthy and hard-to-detect tool for siphoning data from the phone or misdirecting the user. 'You call the phone, the phone doesn't ring, and when the phone realizes that it's being called by an attacker's phone number, it sends him back a shell [program],' said Christian Papathanasiou, a security consultant with Chicago's Trustwave, the company that did the research."

  • Anti Virus? (Score:4, Insightful)

    by kobaz (107760) on Wednesday June 02, 2010 @10:46PM (#32440094)

    Is there going to be a huge market for antivirus software for cell phones within the next few years?

  • Re:Anti Virus? (Score:2, Insightful)

    by grantek (979387) on Wednesday June 02, 2010 @10:56PM (#32440144)

    Well the Apple way of doing things would just be to yank any app that's discovered to have an active exploit, and maybe remote wipe it from phones, then probably disable any infected phones until the OS is reinstalled. If that works for the masses it could be a nightmare for Richard Stallman, because it'll probably spread from there to the desktop.

  • Re:Anti Virus? (Score:5, Insightful)

    by v1 (525388) on Wednesday June 02, 2010 @10:56PM (#32440146) Homepage Journal

    Is there going to be a huge market for antivirus software for cell phones within the next few years?

    For every "unlocked" phone that allows you to install unsigned software, yes. That's the price you pay for unlocked hardware. There are exceptions to the rule, (OS X) but they are very few and far between.

    Protecting your users from bad people isn't really very difficult. (firewall) Protecting them from themselves, that's a trick. (AV software)

    I'm surprised we haven't seen a much faster rise in malware for unlocked phones in the last few years.

  • Re:Anti Virus? (Score:3, Insightful)

    by Totenglocke (1291680) on Wednesday June 02, 2010 @10:59PM (#32440162)
    I'd rather just see anti-virus software on PCs incorporate definitions for mobile phone viruses / rootkits as well - that way you can just run a virus scan once a week with your phone plugged into your computer and not have to worry about killing the battery life on your phone.
  • by AC-x (735297) on Wednesday June 02, 2010 @11:10PM (#32440224)

    The headline makes it sound like you can get infected with a root kit from a phone call which is nothing like what's being said, what a load of sensationalist bollocks.

    Why would you even want to activate a root kit via a phone call? The phone's got a permanent internet connection so it may as well just poll a server for commands.

  • by Anonymous Coward on Wednesday June 02, 2010 @11:12PM (#32440238)

    You call the phone, the phone doesn't ring, and when the phone realizes that it's being called by an attacker's phone number, it sends him back a shell

    And then he can make the phone emit lasers that will kill your dog and drive your car into a wall!

    *sigh*

    The thing about a rootkit is that you need root before it works.

    Installing an app from Market (or anywhere else) won't do it.

    So.. in order for this to be a threat, the attacker would have to convince the user to root their phone (potentially bricking it), install their trojan app, then give that app root access.

    While there may be stupid people around, the number of stupid people who would root their phone, to install an app, and give that app root access, and not know that this is a stupid thing to do is minuscule (and IMHO those that would deserve everything they get.)

    This is a total non-issue.

  • sooo. yeah? (Score:5, Insightful)

    by Eil (82413) on Wednesday June 02, 2010 @11:14PM (#32440252) Homepage Journal

    I'm not trying to belittle these guys' security research or anything, but why is it surprising that you can whip up a rootkit which runs on a phone? Anything with a CPU can have backdoors made for it. The hard part has always been getting the backdoors onto arbitrary devices without the owner knowing about it.

    Engineer a computer which can be proven secure and then I'll be impressed.

  • by DrPeper (249585) on Wednesday June 02, 2010 @11:46PM (#32440390)

    Apple, and possibly in some part by Microsoft. Competition is bad, just plain bad, when are we idiot consumers going to get this through our microscopic minds?!

  • Film at 11.

    These guys installed a fucking KERNEL MODULE into that system. Well, they can make it receive calls, or they can make it play fucking tetris. It's code. You can write whatever you want, and execute it however you want, if you have access!

    Being able to run code in a given processor is NOT AN EXPLOIT, it's just basic functionality. If I got ahold of your computer, installed a CD drive in it, erased your OS, then installed Ubuntu on it, and used that to play tetris, is that considered a vulnerability too?

    It would be a vuln if they had the ability to install that fucking rootkit without physical access to the phone. That's the hard part.

    Article is FUD and submitter is trolling. 0/10

  • by Anonymous Coward on Wednesday June 02, 2010 @11:49PM (#32440412)

    It's not a bug. They say "once it's installed." This isn't a rootkit, it's just an app that responds to incoming calls (anyone can do this now). There would still need to be an exploit to get the app installed in the first place. The title is certainly a little misleading.

  • Re:Anti Virus? (Score:3, Insightful)

    by FatdogHaiku (978357) on Thursday June 03, 2010 @12:04AM (#32440474)

    wait, you mean i have to trust the code i execute?

    Only on devices you want to reliably and securely use...
    it's kind of like that rule about only flossing the teeth you want to keep.

  • Re:Anti Virus? (Score:3, Insightful)

    by Skuld-Chan (302449) on Thursday June 03, 2010 @12:17AM (#32440550)

    Haven't read the article yet - so I wonder if this affects stock android phones. The default setting for android is not to install anything unsigned.

  • by smart_ass (322852) on Thursday June 03, 2010 @12:18AM (#32440564)

    If I get physical access to your phone I can install something that can steal all your contact info and CC #s ...
    How about I steal the phone, steal the info and then reset the phone and use it myself ... no Rootkit required?

    What the hell ... how is this news?

    Slow day on /.

  • Re:Anti Virus? (Score:3, Insightful)

    by erroneus (253617) on Thursday June 03, 2010 @01:59AM (#32441228) Homepage

    Don't jump to conclusions about this. A rootkit is not a virus and isn't necessarily malware at all depending on how it is applied and used.

    I could describe similar behaving software as an anti-theft and tracking function. Say someone steals my shiny new android phone and I want it back. Once I have some sort of access to the phone, I can ask it to take pictures and send them back to me. I can ask it to get a GPS read and send it back to me. I can ask it to get a log of activities such as options explored and executed, phone calls, text messages, web or other internet activity, track motion and location data to show where the phone has been and when -- anything to help identify where the phone is and who took it. The door to this functionality, of course, would be triggered by a phone call from a particular source (or a particular caller ID) or a specially crafted SMS text message.

    This discussion isn't about INFECTING a phone with a phone call or SMS text message. The planting of the rootkit most often comes from the execution of untrustworthy code, for example, a Sony-BMG music CD. The rootkit would be inserted by a game or app that the user himself decided to execute. While there is always the possibility of a web drive-by installation the way we hear about on Windows computers, I think it is more likely that the user would have to be misled or fooled into running the code to install the rootkit.

    Such techniques would be used by both "bad guys" (criminals) and "other bad guys" (law enforcement).

  • Physical Access (Score:2, Insightful)

    by slater86 (1154729) on Thursday June 03, 2010 @02:19AM (#32441348)
    Once it's installed on the Android phone

    One would assume that if you had physical access to most equipment, it's usually game over anyway. No more vulnerable than a netbook really (both being more portable than desktops). Just more people have phones.
  • by khchung (462899) on Thursday June 03, 2010 @02:26AM (#32441386) Journal

    I am an Android developer--- and this article is fail. If a user just installs whatever app--- giving it whatever permissions to their phone.. how is this any different from a stupid user installing an app on their PC/MAC that has a trojan built in?

    And that's exactly why you and many /.ers cannot see the value proposition of the iPhone. For you, the Android phone is just a smaller PC, a general purpose computer, so if a user doesn't know enough not to install trojans, that's the user's problem.

    But to the users, the phone is an appliance, that is used daily and contains lots of private information. The last thing I want is for it to crash or get a trojan leaking my data. If the cost of that is I have to be subject to Apple's arbitrary rules, cannot run flash, may miss out on a few "cool" apps, and may not use the hardware to the fullest possibility, then so be it. I would still be using a 2G dumb phone if none of the phones in the market can give me that value.

    Similarly, I gladly accept the restrictions on my PS3 in exchange for eliminating most kinds of cheating (aimbots, etc) in online multiplayer games.

    As a user, I don't care if I am not using the hardware to the fullest possibility, what I care is what kind of value proposition the product is giving me.

  • Re:Anti Virus? (Score:5, Insightful)

    by MrHanky (141717) on Thursday June 03, 2010 @02:43AM (#32441474) Homepage Journal

    How exactly is OS X an exception? If you think OS X has effective protection against trojans and root kits, you're deluding yourself.

  • Re:Anti Virus? (Score:1, Insightful)

    by sexconker (1179573) on Thursday June 03, 2010 @03:29AM (#32441706)

    "Jail Broken" is a shitty term, and it's less valid than the term you're bitching about.

    Unlocked (or Application Unlocked) - able to install unsigned/unapproved/unofficial programs
    Carrier Unlocked - able to move across carriers (provided the radio and ID methodology (SIM card, for example) are supported)
    Rooted - Having root access on the phone
    Jail Broken - Derp I'm an Apple user derp

  • by Xest (935314) on Thursday June 03, 2010 @03:29AM (#32441708)

    Yep, I'm trying to figure out what exactly the point of this demonstration is.

    It's like the guy in question has just figured out that you can write software that does bad things, not just good things, and so has written a piece to demonstrate this.

    What can be done is irrelevant, we already know what can be done, the problem is doing it, and that needs an attack vector, ideally a remotely exploitable one for the "best" hacks, and this guy hasn't found any.

    I'm not even sure it serves as an example of the future of malware, it's hardly even imaginative. I suspect future malware threats will more likely involve things like P2P networks set up by the malware itself that are used to distribute updates that provide the malware with new exploits to try infecting other machines with or that receive anti-anti-virus updates to kill off any AV software even if attempts are made to update it. In general, I suspect malware will get a whole lot more intelligent in terms of mining data on infected systems, making users believe there's nothing wrong, and in spreading itself.

    The example in TFA demonstrates none of this sort of thing, just stuff that's long already been done. Hell, even my examples are hardly that far fetched, I'm sure some malware out there already does a lot of this sort of thing right now.

  • Re:Anti Virus? (Score:2, Insightful)

    by HappyClown (668699) on Thursday June 03, 2010 @03:48AM (#32441826)

    For every "unlocked" phone that allows you to install unsigned software, yes. That's the price you pay for unlocked hardware. There are exceptions to the rule, (OS X) but they are very few and far between.

    How exactly is OS X an exception?

    Due to the notably disproportionate lack of spyware on the Mac.

    By that logic, if I leave my front door open year round yet don't get burgled, my home must be burglar proof!

  • by delinear (991444) on Thursday June 03, 2010 @06:32AM (#32442484)
    What evidence do you have that it's any more or less difficult to execute this kind of attack against the Android over the iPhone? Both have locked down market places where regular users go for all of their app needs, the only difference is that more advanced users can install code from outside the market place on the Android. The kind of users who go to these lengths tend to have a bit more technical savvy, and would likely be the type of people who would jailbreak their iPhone anyway, exposing it to the same risk. What many /.ers object to is not that there is a walled app market, in fact the majority can probably agree that for average users this is a good thing, but that there's no means for the more advanced user to step outside that market without invalidating their warranty. Android shows that it's entirely possible to incorporate both approaches, but if you can demonstrate it's more vulnerable to attacks in the wild because of this, I'm certainly listening.
  • by delinear (991444) on Thursday June 03, 2010 @07:09AM (#32442636)
    There is no magic exploit. If I got physical access to your Android, I could root it then install a rootkit. If I got access to your iPhone, I could jailbreak it and install a rootkit. If I got access to either of your phones, why would I bother when I could just sell them for a guaranteed return? And if I have no access to your phone, how do I root it and install a rootkit? This isn't Apple vs Google, it's AV vendor FUD vs. common sense. By muddying the water you're working against common sense.
  • by Pharmboy (216950) on Thursday June 03, 2010 @08:44AM (#32443288) Journal

    Similarly, I gladly accept the restrictions on my PS3 in exchange for eliminating most kinds of cheating (aimbots, etc) in online multiplayer games.

    But you are a different kind of user, just as iPhone customers are different than Android customers. Some of us WANT to tweak with the phone/system a bit and are willing to pay the price, ie: higher likelihood of issues and higher maintenance. This is the same reason I prefer PC games over console games.

    You don't have to be an uber hacker, or even a programmer, to appreciate the ability to tweak things. For you, the phone (or gaming console) is an "appliance". To me, my phone and computers are "tools", which can be sharpened, changed, upgraded, and sometimes broken. It is just a difference in expectations. I'm picking up my first Android in a week. The main reason I am getting one is to be able to ssh into my Linux servers and manage them from anywhere, and I mean anywhere. That doesn't sound like something you would do.

  • by khchung (462899) on Thursday June 03, 2010 @09:25AM (#32443698) Journal

    You missed the point. General users don't care about what advanced users cannot do. If you want a phone that you can install whatever you want, don't buy the iPhone.

    Secondly, whether by genius, pure luck, reality distortion field, crazy app store policy or whatever, Apple has successfully created the iPhone as a platform that can consistently deliver the intended appliance-like user experience.

    In contrast, it doesn't matter that you can write 2 papers or win every Slashdot argument that the Android is, in theory, just as secure as the iPhone. When users cannot buy from the app store because their country is not supported, when users can only install pirated apps because of that (and thus opening the opportunity for trojans), and when apps their friends told them about are invisible because of a different OS version, it erodes the user's experience.

    Added on that, you got developers who think a user installing a trojan is his own fault, implying the user is responsible for learning to use the phone as a general purpose PC, then the phone failed to behave as an appliance, it lost its value for users looking for an appliance.

  • You know if you posted other than AC you could answer this ...

    But have you seen how the permissions work on Android?

    When installing this app you'd have to give it permission to do the things it does. It asks explicitly.
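
Added example, not part of the thread: a defender-side review of the install-time permissions the last comment refers to, flagging an app that can both observe incoming calls or SMS and reach the network, which is the combination the story summary describes. It assumes the manifest has already been decoded to text XML; the two sample manifests and their package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions that let an app observe incoming calls or SMS (the trigger in the story).
TRIGGER_PERMS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_SMS",
}
# Broadcast actions delivered when a call or SMS arrives.
TRIGGER_ACTIONS = {
    "android.intent.action.PHONE_STATE",
    "android.provider.Telephony.SMS_RECEIVED",
}
NETWORK_PERM = "android.permission.INTERNET"

def review_manifest(manifest_xml):
    """Summarise what a decoded AndroidManifest.xml declares and whether to review it."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    actions = {a.get(ANDROID + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    triggers = sorted(perms & TRIGGER_PERMS)
    return {
        "package": root.get("package"),
        "trigger_permissions": triggers,
        "listens_for": sorted(actions & TRIGGER_ACTIONS),
        "network": NETWORK_PERM in perms,
        # Flag only the combination: a call/SMS trigger plus a way to send data out.
        "needs_review": bool(triggers) and NETWORK_PERM in perms,
    }

# Constructed sample manifests (hypothetical packages), as decoded text XML.
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Listener">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (FLASHLIGHT, NOTES):
        print(review_manifest(sample))
```

This only covers what an app declares at install time; code that already runs with root or as a kernel module, as other comments point out, is outside what a manifest review can see.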
