03 Jul

Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.

Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information.

The researchers' rootkit, which can itself manipulate an infected device, works by hiding apps on a device, and redirecting app launches to said hidden apps. An easy example, described in the video below, would be redirecting a user to a malicious browser that would intercept and exploit user input.

The video above shows a non-rooted device, and Jiang explains that the exploit does not need a privilege escalation, but instead relies on UI redressing, executed by hijacking the launcher, "which is completely different from earlier overlaying-based approaches."

Jiang also explains that "no existing mobile security software is able to detect" the exploit, and that the rootkit targets Android 4.0.4 and earlier devices.

The news isn't all bad, though. The best news is that this exploit was developed by a research team, meaning the risk of consumer devices being infected is pretty low. The good news, Jiang says, is “now that we’ve identified the problem, we can begin working on ways to protect against attacks like these.”

Via Computerworld

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • Anthony

    I wonder how much it's gonna go for at auction on the black market

  • Marc

    That's dangerous...

  • Mark Arpon

    I'm scared. :(

  • grozgueg

    > The good news, Jiang says, is “now that we’ve identified the problem, we can begin working on ways to protect against attacks like these.”

    That would be good news if affected devices (all Android devices) were updated...

    Looks like Google replaced Microsoft on security issues...
    http://blogs.msdn.com/b/tzink/archive/2012/07/03/spam-from-an-android-botnet.aspx

  • elias

    If it can be done, someone will briefly do this and sell it, no matter if it's just in the hands of researchers right now. However, I do wonder if these functionalities can be hidden in other apps and which permissions they would be demanding. If the app demands sensitive permissions, you simply shouldn't install it after all.
