http://blogs.forbes.com/firewall/2010/06/21/researcher-builds-mock-botnet-of-twilight-loving-android-users/

By Andy Greenberg
The Firewall
Forbes.com
June 21, 2010

A word of caution to any Android users who downloaded an app over the past weekend promising pictures of the next Twilight film: Next time, your obsession with vampires might just turn your phone into a zombie.

In a talk at the hacker conference SummerCon last Friday, researcher Jon Oberheide gave a demonstration of just how easy it may be to infect large numbers of phones running Google's Android OS with hidden software that turns the devices into a zombie-like "botnet" under the control of a cybercriminal--particularly if that software associates itself with a phenomenon as popular and tween-entrancing as the upcoming Twilight Eclipse film.

Oberheide focused on what may be a serious security weakness in Android's App Market: that apps don't have to ask permission from a user to fetch new executable code. Even after an app has been approved for downloads in Google's market, Oberheide says, it can still metamorphose at will into a much less friendly program.

Oberheide, who works for security startup Scio Security, developed an application called "RootStrap" to demonstrate that trust problem for Android apps. After it's installed, RootStrap periodically "phones home" to check for any new code that Oberheide wants to add to the program, including any hidden control program or "rootkit" that he wished to install--hence the program's name.

"This is probably the most effective way to build a mobile botnet," Oberheide told SummerCon's audience of hackers and security researchers.

[...]

Received on Mon Jun 21 2010 - 22:27:02 PDT