Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.
Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information. Read More
Amid the turmoil surrounding Carrier IQ, the company's VP of Marketing, Andrew Coward, has come forward in a series of interviews with a few clarifications.
For those not in the loop, the controversy around Carrier IQ is based on developer Trevor Eckhart's findings which indicated that Carrier IQ's software was indeed collecting a vast array of information, and his demonstration showing that said data could be read using a simple command – one that could be executed by any malicious app with access to logcat. Read More
Well, we didn't see this one coming. Hackers over at XDA-Developers have discovered that there is a hardware chip limiting the hackability of the G2, undermining the owner's ability to customize the Android OS. The chip acts as a rootkit and over-writes modifications to the /system partition after rebooting.
This is a very unsettling development. Heck, I thought we had a nice dynamic working in the Android manufacturer sphere: Motorola tried to lock down everything and HTC just made sweet devices. Read More