[ISN] Researcher Builds Mock Botnet Of 'Twilight'-Loving Android Users

http://blogs.forbes.com/firewall/2010/06/21/researcher-builds-mock-botnet-of-twilight-loving-android-users/

By Andy Greenberg
The Firewall
Forbes.com
June 21, 2010

A word of caution to any Android users who downloaded an app over the 
past weekend promising pictures of the next Twilight film: Next time, 
your obsession with vampires might just turn your phone into a zombie.

In a talk at the hacker conference SummerCon last Friday, researcher Jon 
Oberheide gave a demonstration of just how easy it may be to infect 
large numbers of phones running Google's Android OS with hidden software 
that turns the devices into a zombie-like "botnet" under the control of 
a cybercriminal--particularly if that software associates itself with a 
phenomenon as popular and tween-entrancing as the upcoming Twilight 
Eclipse film.

Oberheide focused on what may be a serious security weakness in 
Android's App Market: that apps don't have to ask permission from a user 
to fetch new executable code. Even after an app has been approved for 
downloads in Google's market, Oberheide says, it can still metamorphose 
at will into a much less friendly program.

Oberheide, who works for security startup Scio Security, developed an 
application called "RootStrap" to demonstrate that trust problem for 
Android apps. After it's installed, Rootstrap periodically "phones home" 
to check for any new code that Oberheide wants to add to the program, 
including any hidden control program or "rootkit" that he wished to 
install--hence the program's name. "This is probably the most effective 
way to build a mobile botnet," Oberheide told SummerCon's audience of 
hackers and security researchers.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com