Earlier this year, a story made the rounds about a new kind of malware afflicting Android handsets. But it was this malware's pernicious nature that really made headlines, as it could even survive complete factory resets on afflicted phones. This insidious malware was named xHelper. At the time, we didn't know how it managed this impressive (but scary) achievement, but security researchers at Kaspersky have since dug into its inner workings, revealing an incredibly sophisticated system that installs itself to an Android phone's system partition, and even changes how the system works to prevent it from being "easily" removed.
Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.
Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information.
The researchers' rootkit, which can itself manipulate an infected device, works by hiding apps on a device, and redirecting app launches to said hidden apps.
Amid the turmoil surrounding Carrier IQ, the company's VP of Marketing, Andrew Coward, has come forward in a series of interviews with a few clarifications.
For those not in the loop, the controversy around Carrier IQ is based on developer Trevor Eckhart's findings which indicated that Carrier IQ's software was indeed collecting a vast array of information, and his demonstration showing that said data could be read using a simple command – one that could be executed by any malicious app with access to logcat. This data includes location information, SMS messages, and key taps.
Before we dive into Coward's remarks on the issue of security (and why he says CIQ is not to be blamed for insecure logs), it's important to look at how CIQ actually functions on a device.
Well, we didn't see this one coming. Hackers over at XDA-Developers have discovered that there is a hardware chip limiting the hackability of the G2, undermining the owner's ability to customize the Android OS. The chip acts as a rootkit and overwrites modifications to the /system partition after rebooting.
This is a very unsettling development. Heck, I thought we had a nice dynamic working in the Android manufacturer sphere: Motorola tried to lock down everything and HTC just made sweet devices. Guess that was too naive a viewpoint to take, as with this HTC have shown themselves capable of being just as stifling as Moto.