Information Security News mailing list archives
Researcher Builds Mock Botnet Of 'Twilight'-Loving Android Users
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 22 Jun 2010 00:27:02 -0500 (CDT)
http://blogs.forbes.com/firewall/2010/06/21/researcher-builds-mock-botnet-of-twilight-loving-android-users/ By Andy Greenberg The Firewall Forbes.com June 21, 2010 A word of caution to any Android users who downloaded an app over the past weekend promising pictures of the next Twilight film: Next time, your obsession with vampires might just turn your phone into a zombie. In a talk at the hacker conference SummerCon last Friday, researcher Jon Oberheide gave a demonstration of just how easy it may be to infect large numbers of phones running Google's Android OS with hidden software that turns the devices into a zombie-like "botnet" under the control of a cybercriminal--particularly if that software associates itself with a phenomenon as popular and tween-entrancing as the upcoming Twilight Eclipse film. Oberheide focused on what may be a serious security weakness in Android's App Market: that apps don't have to ask permission from a user to fetch new executable code. Even after an app has been approved for downloads in Google's market, Oberheide says, it can still metamorphose at will into a much less friendly program. Oberheide, who works for security startup Scio Security, developed an application called "RootStrap" to demonstrate that trust problem for Android apps. After it's installed, Rootstrap periodically "phones home" to check for any new code that Oberheide wants to add to the program, including any hidden control program or "rootkit" that he wished to install--hence the program's name. "This is probably the most effective way to build a mobile botnet," Oberheide told SummerCon's audience of hackers and security researchers. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.com
Current thread:
- Researcher Builds Mock Botnet Of 'Twilight'-Loving Android Users InfoSec News (Jun 21)