Silent, Easily Made Android Rootkit Released At DefCon

An anonymous reader writes with news that security experts from Spider Labs released a kernel level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.

At talk right now ... NON-ISSUE!

[Jahava]

So yet more developers want to make a make for themselves by elevating a non-issue. I am currently attending their talk, and must admit that I am disappointed.

The first half of the presentation is them chatting about.how rooting a phone is desirable due to its intimate association with the user.No shit! Everybody knows this.

So let's get to the interesting part: There is no new attack vector. No propagation from Dalvik VM to kernel. No new technique. They wrote a Linux rootkit, like anyone can do. It is a kernel module. Anyone can make one of those. It hooks the kernel in various places to hide itself from various process / module listings. How innovative? Please.

The call this an exploit ... nothing is exploited. They willingly participate in the installation at the root level. Their conclusion seems to be that someone with root has access to everything on a system. Shocking, eh?

The only funny part is that this took them 2 weeks to create. How terribly disappointing.

Re:What it doesn't say

The article is a troll piece hoping for clicks for ads. Here's the bug in question