Slashdot Mirror

← Back to Stories (view on slashdot.org)

Silent, Easily Made Android Rootkit Released At DefCon

Posted by Soulskill on from the it-slices-it-dices dept.

An anonymous reader writes with news that security experts from Spider Labs released a kernel level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.

2 of 133 comments (clear)

  1. I posted this story but the editors cut out... by Anonymous Coward · · Score: 5, Interesting

    ... an important question.

    (The spider labs people claim) they did this to prompt Google to issue a fix. However, since the carriers seem to be very slow in updating the Android OS for their phones (a substantial number, perhaps a majority have never received an update), WHEN CAN WE EXPECT A FIX to get to the millions of phones out there? Compare this to the Apple ecosystem which received an update for their (admittedly widely publicized) Antennagate issue within weeks (whether or not it actually fixed anything is another question). In general Apple devices are (forcibly?) updated much more quickly. Perhaps this is because of his holinesses... I mean Steve Jobs powers of persuasion. ;)

    Of course as an A/C I can't prove it but if you look at the submission, you'll see that's what I said. I no longer login because I feel that while attacking a company's products is fair game (specifically Apple), having stories singling out their users as "selfish" and unkind is not "news for nerds stuff that matters". Am I an Apple fanboi? Let's just say I've used NIX for decades (yes I'm old) and I'm not talking OS X.

  2. At talk right now ... NON-ISSUE! by Jahava · · Score: 5, Informative

    So yet more developers want to make a make for themselves by elevating a non-issue. I am currently attending their talk, and must admit that I am disappointed.

    The first half of the presentation is them chatting about.how rooting a phone is desirable due to its intimate association with the user.No shit! Everybody knows this.

    So let's get to the interesting part: There is no new attack vector. No propagation from Dalvik VM to kernel. No new technique. They wrote a Linux rootkit, like anyone can do. It is a kernel module. Anyone can make one of those. It hooks the kernel in various places to hide itself from various process / module listings. How innovative? Please.

    The call this an exploit ... nothing is exploited. They willingly participate in the installation at the root level. Their conclusion seems to be that someone with root has access to everything on a system. Shocking, eh?

    The only funny part is that this took them 2 weeks to create. How terribly disappointing.