Rootkit running on Android Phones

amazon3d

Well, all you lucky hoes who got the Android platform before me should be watching where you visit now. Apparently there's a snake in them there boots:


Rootkit Running on Android Phone
It looks like one of the presentations at Defcon this year will be two guys demonstrating a rootkit running on an Android phone. These guys must be pretty confident their proof of concept can't be thwarted; the show isn’t until next month. Thanks to WhiteH4t for the linkage.

The implications of this are huge; an attacker can proceed to read all SMS messages on the device/incur the owner with long-distance costs, even potentially pin-point the mobile device's exact GPS location. Such a rootkit could be delivered over-the-air or installed alongside a rogue app. Our talk will take participants down this path of development, describing how the PoC was written and laying the foundations for our research to be taken further.

Taken from www.HardOCP.com
 
There's already the Cyanogen, where part of installing it is opening up root access. Also, it still doesn't mean someone can put this on your phone remotely without you knowing; it also doesn't mean they can sneak it in with a bad app, because of Linux's built-in security features...
Already said by a commenter of that article, so I'll just copy and paste here.

One small problem. To install a kernel module you need to have root access to begin with. The only way for this to spread would be to infect something like Verizon's OTA update. Despite the claims of the article, it can't spread with apps since apps don't run as root (unless it is for a rooted phone, in which case the user has to approve it first anyway).

Far simpler would be to ask the user for the permissions you want and just use the Android API calls to get the data you want. You know if someone downloads a game they think sounds cool and it asks for internet access as well as access to personal information they are just going to click "Yes" anyway...
..Android's security model is *very* good. Every app runs as its own Linux user (including official apps), so even if you escape Android's security system you are still stopped by Linux's security model. So to have an app automatically install this, you would need to discover a way to escalate a user account to root (a user account with fewer permissions than a standard user, btw). If they figured out how to do that, the talk would be about that and not some kernel module that in and of itself doesn't mean anything.

What they are presenting is basically saying "we wrote an app that, once running as root, can be used to grant remote access as the root user". My response is basically "no shit, sherlock". The hard part is getting root access in the first place, which the description makes no mention of. The description says that talk is about what you can do if you already have root. Well, great, but who cares?
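An added example, not part of either post or the quoted comment: a defender-side check of the "every app runs as its own Linux user" claim, which groups packages by UID and flags anything that is not isolated. The sample data is constructed, its layout (package, UID, debuggable flag, data directory, as in Android's `/data/system/packages.list`) is an assumption, and it goes slightly beyond the thread by also reporting packages that share a UID.

```python
from collections import defaultdict

# Android hands out per-app UIDs from 10000 upward; lower UIDs are system accounts.
FIRST_APPLICATION_UID = 10000

# Constructed sample, assumed layout: <package> <uid> <debuggable> <data dir>
SAMPLE_PACKAGES_LIST = """\
com.example.game 10052 0 /data/data/com.example.game
com.example.mail 10053 0 /data/data/com.example.mail
com.example.suite.a 10060 0 /data/data/com.example.suite.a
com.example.suite.b 10060 0 /data/data/com.example.suite.b
com.example.sysui 1000 0 /data/data/com.example.sysui
com.example.odd 0 0 /data/data/com.example.odd
"""


def parse_packages_list(text):
    """Yield (package, uid) for each well-formed line; skip malformed ones."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue
        yield fields[0], int(fields[1])


def audit_uids(text):
    """Classify packages by how well the per-app UID isolation holds."""
    by_uid = defaultdict(list)
    for pkg, uid in parse_packages_list(text):
        by_uid[uid].append(pkg)

    report = {"root": [], "system_uid": [], "shared_uid": {}, "isolated": []}
    for uid, pkgs in sorted(by_uid.items()):
        if uid == 0:
            report["root"].extend(pkgs)          # should never happen for an app
        elif uid < FIRST_APPLICATION_UID:
            report["system_uid"].extend(pkgs)    # runs as a platform account
        elif len(pkgs) > 1:
            report["shared_uid"][uid] = sorted(pkgs)  # same sandbox, no isolation
        else:
            report["isolated"].extend(pkgs)      # one app, one Linux user
    return report


if __name__ == "__main__":
    for category, members in audit_uids(SAMPLE_PACKAGES_LIST).items():
        print(category, members)
```
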
 