Printed from http://www.macnn.com

Silent, easily made Android rootkit shown at Black Hat

updated 06:45 pm EDT, Fri July 30, 2010

Security experts make silent Android malware

SpiderLabs showed a rootkit at the Black Hat conference today that could compromise an Android phone without its owner's knowledge. The exploit, handed out on DVD at the hacking and security meetup, would let the wielder gain complete control of an Android phone and take personal data from it without triggering alerts. Team lead Nicholas Percoco said the app took just two weeks to build and would affect even modern Android 2.1 devices such as the HTC Desire and Legend.

The attack was built as an example of "ethical hacking" and was designed to pressure Google into closing the hole that made the root possible. Percoco didn't explain how the code worked, but he was expected to provide more details on Saturday. Rooting is increasingly common in Android as a whole, as it gives more control over what apps and features can run.

Google hadn't commented on SpiderLabs' discovery as of Friday evening.

The hacking tool's creation comes just on the heels of concerns about Android Market apps also obtaining private data without the user's consent. As a platform, Android has been complimented for its freedom of choice but has also raised security issues as apps often have more control over core functions than they do on iOS or webOS. Google has been given similar mixed treatment for its app approval policies, as it intervenes significantly less in the submission process than Apple but has also been accused of letting a larger number of questionable apps reach the public.

Except on most AT&T devices, Android also has an option to allow non-Market apps to install, which could pose more of a risk, but the feature is turned off by default and warns users of the possible dangers. Similar permission isn't an option on the iPhone and requires a jailbreak.




by MacNN Staff

Comments

  1. Makosuke

    Joined: Dec 1969

    +14

    Double Standard

    Picture, for a moment, the headlines on even non-tech news sites tomorrow morning if this rootkit had been for iOS. I would bet money it'd be up there on CNN.com, et al. I would also bet money this won't see any play outside tech sites, and considerably less interest at those.

    I don't have anything against Android, and I actually don't think this speaks too much to the security or insecurity of either platform (apart from the fact that iOS, by its more closed nature, is harder to get something to the user on). Just saying that it's a major double standard when it comes to how issues are reported, inside and outside the tech media.

    And "It's because Apple is the biggest" isn't much of an excuse, given that if you only count phones Android devices are outselling iPhones, no matter how you look at it iPhones do not constitute a majority of in-use smartphone-class devices (there are a lot of Blackberries and old WinCE things floating around), and if you count phones overall Apple has something like a 3% share. Apple is not a monopoly, isn't even much of a majority unless you're very selective about what you count, and currently there are no signs that Apple will become either.

  1. Foe Hammer

    Joined: Dec 1969

    +1

    They'll Put a Positive Spin On It ...

    Something like "What's the matter, Apple? Android already has this rootkit app that an awful lot of people really want and want badly ... no one wants any of your apps that much! So that proves that Android is going to drink your milkshake!"

  1. IxOsX

    Joined: Dec 1969

    +1

    They have to watch their backs

    Android is an OS that is having great growth. So, like any other big OS, it is beginning to be a target of exploits. It is urgent for Android to become more concerned about their security. I confess my curiosity over this model, because it is an open environment relative to their OS, but it is very much closed about the applications that run on the OS that are available on the Android Market. One thing is for sure, Google has to greatly improve their security in their new market model. And just a parenthesis for some people who sometimes confuse the Android OS model: free software is not equal to open source... Open source could be free or not, but the code is always public, and Android Market is not open source, that I know!
