Security Researchers Develop Proof-of-Concept Rootkit for Android Phone



+ Add a Comment


If you have figured out how to hack a device and explore uncharted terrirtory such as this, just share it with the DOD and the security companies. NO need to demonstrate it in public!!!!


Do. Or do not. There is no try.



They haven't figured out how to "hack" anything.  Notice this little tidbit:


Percoco and Papathanasiou didn't say exactly how they were able to
bypass Android's security measures to install the rootkit in the first


Its a rootkit. Which means that you have to have root level access to install it, and Android phones don't allow that unless you've purposely rooted your phone.  Just installing an app from the Marketplace doesn't do it.  All they've done is written a kernel module that can do bad things.  Big whoop.  For this to be a threat, a user would have to:

1) Download an infected app

2) Purposely root their phone

3) Give the infected app root access


Not many people are that dumb.



live demos at defcon/blackhat/etc exist because simple disclosure doesn't work.

you have to make a spectacle out of it and get it into the news, otherwise the companies that feel threatened by it will simply shove it into a drawer and pretend it doesn't exist.

ask any white-hat and they'll tell you: the only reliable way to get a problem fixed is to 

a) disclose the problem/vuln to the parties that have the power to fix it

b) tell them you'll be demonstrating a proof-of-concept hack at a specific date in the future so they have until then to fix it.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.