Slashdot Mirror


Silent, Easily Made Android Rootkit Released At DefCon

An anonymous reader writes with news that security experts from Spider Labs released a kernel-level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.

14 of 133 comments

  1. Apple by Anonymous Coward · · Score: 1, Insightful

    iPhone will always be the safest phone, all you Linux and Windows noobs getting your viruses and whatnot. All hail Apple!

  2. Not Helpful by Nom+du+Keyboard · · Score: 1, Insightful

    This is not a helpful development. Just another assh--- trying to show off what he (or she) thinks he can do better.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."

    1. Re:Not Helpful by fermion · · Score: 2, Insightful

      One can either leave the gate to the garden open or the gate to the garden closed. A closed and secured gate is a known security model with known consequences and benefits. If the gate is open, then it is important to show that other security measures, like limited access once one is inside the garden to limit damage, provide sufficient security. If your garden is so uninteresting that no one ventures inside, then there is no evidence of security, just lameness.

      Therefore, if the Android OS is to be shown to be secure, even against apps that users load on the phone, because there is no way a priori to know if an app is malicious, developers must write potentially malicious apps and test if they will cause harm or not. We already know from this conference that "Jackeeey Wallpaper" collects and publishes phone numbers and browser history from the phone, not a huge data breach, but shows the open garden is not fully protected.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black

  3. Re:What it doesn't say by camperslo · · Score: 2, Insightful

    Wouldn't it be trivial for a developer to add the code to an app store offering that seems to have some legitimate need for any permissions requested?

  4. Re:What it doesn't say by AnEducatedNegro · · Score: 4, Insightful

    OK, as an Android developer, you can't break out of the VM. Period. That's the whole point of it. This exploit they are talking about is a kernel driver which you would include in a custom ROM that you download from, say, sdx-developers (shoutout!). Now once you have a kernel rootkit, well, you know the hell that can cause. But let's face it folks, mobile computing is here to stay. This is no different than having a rootkit on your Windows box and tethering it through your phone. All the phone company sees are packets. It's also time to realize that our phones are full-fledged computers. You gotta protect them.

  5. Re:What it doesn't say by Svartalf · · Score: 2, Insightful

    Really? Can't break out of the VM, period?

    If the application uses this little toolchain to provide a native code .so, you're able to break right on out of the VM, possibly never to return. It's not very hard at all- and there's a host of possible exploits to apply once you're in that space, all depending on how locked down the user account actually is on your Android device.

    Let's all face a real fact here. Security has little to do with technology in and of itself. There's an aspect of it within the design of something, but in the end it's people that provide security as well. You would fail at securing something outright- you lay entirely too much faith in things like a VM to protect your system design.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas

  6. Re:What it doesn't say by Anonymous Coward · · Score: 3, Insightful

    "This is no different than having a rootkit on your windows box and tethering it through your phone. All the phone company sees are packets. It's also time to realize that our phones are full fledged computers. You gotta protect them."

    Eh, oops... You just lost 99% of the general audience.

    The phone that will win the market is the phone made where the hardware/software/service providers are willing to guarantee to you to make consistent and continued effort to protect our phone from malware and problems, versus just declare it a "computer" and let YOU do it.

  7. Re:NO. by GreenTom · · Score: 2, Insightful

    I'd think I'd rather have my phone brick than get rooted, as long as there's some way I can reset it to factory config.

  8. Re:Oh how clever... by Anonymous Coward · · Score: 1, Insightful

    If you're going to believe in advertising, you might as well believe in magic anyway

  9. Re:Oh how clever... by Anonymous Coward · · Score: 1, Insightful

    "A wise man once said that any sufficiently advanced technology is indistinguishable from magic"

    for many people we've reached that point

  10. Re:At talk right now ... NON-ISSUE! by Anonymous Coward · · Score: 1, Insightful

    What the hell are you talking about?

    The OP makes a perfectly valid point...

    Little sensitive much?

  11. Re:Oh how clever... by blair1q · · Score: 2, Insightful

    In this case, the little old ladies already have to be holding the cudgel as well as the handbag.

  12. Re:Oh how clever... by A1rmanCha1rman · · Score: 2, Insightful

    computers and other devices are simply magic.

    Why wouldn't they; some of them are even advertised that way.

    Like my electronics teacher told my class, "if you really think that n-p-n junctions are actually how semiconductors work, you'll believe anything you are told".

    The scientific and logical explanations for the phenomena that underlie the technology we use are simply that, explanations. You'll never see n-p-n junctions under any microscope, because there probably aren't any.

    Even if there were, think about it, it won't make the phenomena of natural processes any less magical.

    All is magic...

    --
    I get up, I get down...

  13. Re:More power to open source! by SheeEttin · · Score: 2, Insightful

    "I deem myself lucky that all software I have installed on my N900 is open source, which means I (or anyone else) can check the code, compile it and improve it anytime I feel the need to"

    And have you?
    If you haven't, you're not that much better off. Assuming others have read the source and checked for security isn't a very good policy.