Printed from http://www.electronista.com

Silent, easily made Android rootkit shown at Black Hat

updated 06:45 pm EDT, Fri July 30, 2010

Security experts make silent Android malware

SpiderLabs showed a rootkit at the Black Hat conference today that could compromise an Android phone without its owner's knowledge. The exploit, handed out on DVD at the hacking and security meetup, would let the wielder get complete control and personal data from an Android phone without triggering alerts. Team lead Nicholas Percoco said the app took just two weeks to build and would affect even modern Android 2.1 devices such as the HTC Desire and Legend.

The attack was made as an example of "ethical hacking" and was designed to pressure Google into closing the hole that made the root possible. Percoco didn't explain how the code worked, but he was expected to provide more details on Saturday. Rooting is increasingly common on Android as a whole, as it gives more control over what apps and features can run.

Google hadn't commented on SpiderLabs' discovery as of Friday evening.

The hacking tool's creation comes just on the heels of concerns about Android Market apps also obtaining private data without the user's consent. As a platform, Android has been complimented for its freedom of choice but has also raised security issues as apps often have more control over core functions than they do on iOS or webOS. Google has been given similar mixed treatment for its app approval policies, as it intervenes significantly less in the submission process than Apple but has also been accused of letting a larger number of questionable apps reach the public.

Except on most AT&T devices, Android also has an option to allow the installation of non-Market apps, which could pose more of a risk, but the feature is turned off by default and warns users of the possible dangers. Similar permission isn't an option on the iPhone and requires a jailbreak.



By Electronista Staff

Comments

  1. Makosuke

    Forum Regular

    Joined: Aug 2001

    +14

    Double Standard

    Picture, for a moment, the headlines on even non-tech news sites tomorrow morning if this rootkit had been for iOS. I would bet money it'd be up there on CNN.com, et al. I would also bet money this won't see any play outside tech sites, and considerably less interest at those.

    I don't have anything against Android, and I actually don't think this speaks too much to the security or insecurity of either platform (apart from the fact that iOS, by its more closed nature, is harder to get something to the user on). Just saying that it's a major double standard when it comes to how issues are reported, inside and outside the tech media.

    And "It's because Apple is the biggest" isn't much of an excuse, given that if you only count phones Android devices are outselling iPhones, no matter how you look at it iPhones do not constitute a majority of in-use smartphone-class devices (there are a lot of Blackberries and old WinCE things floating around), and if you count phones overall Apple has something like a 3% share. Apple is not a monopoly, isn't even much of a majority unless you're very selective about what you count, and currently there are no signs that Apple will become either.

  1. Foe Hammer

    Fresh-Faced Recruit

    Joined: Feb 2005

    +1

    They'll Put a Positive Spin On It ...

    Something like "What's the matter, Apple? Android already has this rootkit app that an awful lot of people really want and want badly ... no one wants any of your apps that much! So that proves that Android is going to drink your milkshake!"

  1. IxOsX

    Fresh-Faced Recruit

    Joined: Feb 2009

    +1

    They have to watch their backs

    Android is an OS that is having great growth. So, like any other big OS, it is beginning to be a target of exploits. It is urgent for Android to become more concerned about their security. I confess my curiosity over this model, because it is an open environment relative to their OS, but is very much closed about the applications that run on the OS that are available on the Android Market. One thing is for sure: Google has to greatly improve their security on their new market model. And just a parenthesis for some people who sometimes confuse the Android OS model: free software is not equal to open source... Open source could be free or not, but the code is always public, and Android Market is not open source, that I know!
