Distribute it on DVDs at DEFCON

Aug 2, 2010 15:01 GMT

Security researchers from Trustwave's SpiderLabs released a rootkit for the Android mobile operating system at the DEFCON hacker conference. The malicious application, which can give attackers full control over a device, functions as a kernel module, which makes it extremely powerful and stealthy.

A rootkit is a program designed to open a backdoor in an operating system through which attackers can execute commands as the super user (root), hence the name. Since Android is based on a lighter version of the Linux kernel, the rootkit that the Trustwave researchers distributed on DVDs to DEFCON attendees works as a Linux kernel module.

Once installed on an Android-based device, the program monitors the incoming phone calls. When a call from a predefined number is detected, the phone is silenced and the rootkit opens a shell for the attacker. The same payload can also be triggered by sending a special SMS message.

Developing the rootkit took two weeks, but Nicholas Percoco, one of the researchers behind it, told Reuters that it wasn't difficult to build. "There are people who are much more motivated to do these things than we are," he commented.

But while the rootkit makes for a great technical proof of concept, it is not very practical for mass attacks. Deploying it on a large scale would require it to be packaged as a regular application and posted on the Android Marketplace, which involves passing Google's scrutiny. And even if this could be achieved, the application would then need to exploit an Android vulnerability in order to escape the confines of the default sandbox and execute code with root privileges.

Therefore, the threat is much more suitable for targeted attacks, where the hacker can get physical access to the device for a period of time and install it. Such a scenario is not at all unlikely. Back in June, 50 people were arrested in Romania for installing mobile spyware on the phones of their business partners or spouses. In many cases, the spyware was installed on new devices, which were then handed out as gifts to the intended targets.

In a recent interview with Softpedia, Vincent Steckler, CEO of Avast Software, the company developing avast! Antivirus, commented that Android will increasingly be targeted by cyber criminals in the future. This is because it is not as locked down as other smartphone operating systems and its popularity is growing by the day.

You can follow the editor on Twitter @lconstantin