03
Jul
image

Research Team Creates "Clickjack Rootkit" For Android That Can Hijack Apps, Exploit User Input

Posted by in Android OS, Development, News

Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.

Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information.

The researchers' rootkit, which can itself manipulate an infected device, works by hiding apps on a device, and redirecting app launches to said hidden apps.

03
Dec
image

Carrier IQ Explains How Its Software Works, Implicitly Blames HTC For Insecure Log Files, Data Leak Exposed By Trevor Eckhart

Posted by in Android OS, AT&T, HTC, Motorola, News, Samsung, Sprint, T-Mobile

Amid the turmoil surrounding Carrier IQ, the company's VP of Marketing, Andrew Coward, has come forward in a series of interviews with a few clarifications.

For those not in the loop, the controversy around Carrier IQ is based on developer Trevor Eckhart's findings which indicated that Carrier IQ's software was indeed collecting a vast array of information, and his demonstration showing that said data could be read using a simple command – one that could be executed by any malicious app with access to logcat. This data includes location information, SMS messages, and key taps.

Before we dive into Coward's remarks on the issue of security (and why he says CIQ is not to be blamed for insecure logs), it's important to look at how CIQ actually functions on a device.

06
Oct
image

T-Mobile G2 Auto-Reinstalls Stock Android If You Attempt To Root

Posted by in G2 (Vision), HTC, News

Well, we didn't see this one coming. Hackers over at XDA-Developers have discovered that there is a hardware chip limiting the hackability of the G2, undermining the owner's ability to customize the Android OS. The chip acts as a rootkit and over-writes modifications to the /system partition after rebooting.

This is a very unsettling development. Heck, I thought we had a nice dynamic working in the Android manufacturer sphere: Motorola tried to lock down everything and HTC just made sweet devices. Guess that was too naive a viewpoint to take, as with this HTC have shown themselves capable of being just as stifling as Moto.