Slashdot Mirror

← Back to Stories (view on slashdot.org)

Silent, Easily Made Android Rootkit Released At DefCon

Posted by Soulskill on from the it-slices-it-dices dept.

An anonymous reader writes with news that security experts from Spider Labs released a kernel level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.

3 of 133 comments (clear)

  1. What it doesn't say by TyFoN · · Score: 4, Interesting

    Do you have to have a rooted device already in order to install it or does it use an exploit to gain this? Will it show the usual warnings about permission requirements when installing?
    If it does use an exploit, it would be interesting to use this for regular rooting of the devices.

  2. I posted this story but the editors cut out... by Anonymous Coward · · Score: 5, Interesting

    ... an important question.

    (The spider labs people claim) they did this to prompt Google to issue a fix. However, since the carriers seem to be very slow in updating the Android OS for their phones (a substantial number, perhaps a majority have never received an update), WHEN CAN WE EXPECT A FIX to get to the millions of phones out there? Compare this to the Apple ecosystem which received an update for their (admittedly widely publicized) Antennagate issue within weeks (whether or not it actually fixed anything is another question). In general Apple devices are (forcibly?) updated much more quickly. Perhaps this is because of his holinesses... I mean Steve Jobs powers of persuasion. ;)

    Of course as an A/C I can't prove it but if you look at the submission, you'll see that's what I said. I no longer login because I feel that while attacking a company's products is fair game (specifically Apple), having stories singling out their users as "selfish" and unkind is not "news for nerds stuff that matters". Am I an Apple fanboi? Let's just say I've used NIX for decades (yes I'm old) and I'm not talking OS X.

  3. Two things ... by GNUALMAFUERTE · · Score: 4, Interesting

    1st:

    Not news. Anything with a processor in it can run software. That software can do a number of things, and, considering that the processor is turing complete, it can actually do anything. Including allowing remote stealth access. That is NOT news and is NOT a vulnerability or anything to get excited about. Show me that you found a buffer overflow in Android's TCP stack that allows you to run arbitrary code on the device remotely. Of course you can put a rootkit in there after gaining access, you could run tetris for all I care. If you need unlimited rw access to the software to setup your malware, that is not fucking news.

    2nd:

    FTFA:

    "Attendees pay $140 in cash to attend and are not required to provide their names to attend the conference. Law enforcement posts undercover agents in the audience to spot criminals and government officials recruit workers to fight computer crimes and for the Department of Defense."
    (Reporting by Jim Finkle; additional reporting by Alexei Oreskovic in San Francisco; editing by Andre Grenon)

    Wow. Just wow. Attentive Attendees attend to the conference. No shit. Andre Grenon could be a /. editor.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?