Researchers find new malware in Android Ice Cream Sandwich
- 02 July, 2012 21:30
- Comments
A research team at North Carolina State University led by Professor Xuxian Jiang recently announced that a security flaw in Android Version 4.0.4 and below could exploited by a rootkit with relative ease, according to an official university research blog post.
MORE ANDROID SECURITY: New Android malware disguised as security app
Like most Android malware, the rootkit can be distributed as a malicious app, opening up a host of potential vulnerabilities on any device on which it is installed. However, it functions in a different way.
Instead of directly attacking the operating system kernel, blog author Matt Shipman wrote, the rootkit approach targets a flaw in the Android framework -- creating a host of possibilities for a hacker.
"This would be a more sophisticated type of attack than we've seen before, specifically tailored to smartphone platforms," said Jiang. "The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it."
A YouTube demonstration highlights the simplicity of the rootkit -- the user was able to hijack a standard Nexus S with ease, reprogramming the browser icon to launch Angry Birds instead. Apps can be hidden on the device but remain installed and functional, which could enable a hacker to conceal malicious software from unsuspecting users.
"This has the potential to cause some real mischief," the video's narrator says.
Jiang's team is working on a fix for the problem, according to the blog post.
The blog post notes that Jiang is the founder of the Android Malware Genome Project, a large-scale academic research effort into Android malware. Before the founding of that project, Jiang also helped identify security holes in the ad libraries used by mobile advertisers on the Android platform, warning of their vulnerability.
Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.
Read more about wide area network in Network World's Wide Area Network section.
- Bookmark this page
- Share this article
- Got more on this story? Email ARN
- Follow ARN on twitter
- Choice and Control: Considerations for Developing Enterprise Cloud Strategies
- Virtualization and Consolidation Solutions
- McAfee Whitepaper: Building the Business Case for Privacy
- Smart Cloud: Move Beyond monitoring to Holistic Management of Application Performance
- Smart Cloud Provisioning: Low Cost and highly Scalable Entry Point into Cloud Computing
- Brocade’s Meyer appointed to OpenDaylight Project Committee
- Barracuda Networks raises free capacity of Copy.com to 15GB
- EXCLUSIVE: Cyan lays out Australian expansion plan
- EXCLUSIVE: Channel training integral to Intel smartphone/tablet growth
- In Pictures: She's gonna blow! 10 Star Trek technologies that are almost here
-
Barracuda Networks raises free capacity of Copy.com to 15GB
-
Barracuda Networks raises free capacity of Copy.com to 15GB
-
Barracuda Networks raises free capacity of Copy.com to 15GB
-
Barracuda Networks raises free capacity of Copy.com to 15GB
-
Barracuda Networks raises free capacity of Copy.com to 15GB
Get exclusive access to ARN's news, research and invitation only events. 
