Silent, Easily Made Android Rootkit Released At DefCon
An anonymous reader writes with news that security experts from Spider Labs released a kernel level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.
It's getting really annoying seeing Google/Android fanbois falling over themselves to claim this is a non-issue, a non-story, etc. If the iPhone had a story about a rootkit, there would be 500+ comments, with half of them addressing Steve Jobs by name since Apple-haters think he can hear them.
Every time someone claims there is no attack vector, a hacker somewhere is always drooling over the idea of proving them wrong.
I bet the Android rootkit isn't the only rootkit on that CD... I for one wouldn't put anything I obtained at DefCon into any equipment I owned. Maybe not even into my shredder.