Silent, Easily Made Android Rootkit Released At DefCon

An anonymous reader writes with news that security experts from Spider Labs released a kernel level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.

Re:What it doesn't say

Based on a few other articles that I've read, the owner of the phone would need to install an app that contains this rootkit first. Either users would need to sideload the application or someone would need to sneak an app containing it into the Android Marketplace, which is possible considering that developers have snuck apps with hidden tethering functionalities into the iPhone's App Store in the past.

Wow. Your fandroid response is pretty funny. Instead of pointing out an example from the Android Marketplace, downloaded by millions, which does exactly what you are talking about, you choose to go after a harmless iPhone app.

How does that Android Kool Aid taste, anyhow?