Android rootkits - malware on your smartphone

Filed Under: Android, Malware, Mobile

Android smartphone
Many of you are probably familiar with the concept of rootkits - malicious software that lurks hidden at a low-level on your Windows or Unix computer, remaining undetected by conventional anti-virus software.

Although new rootkits can be prevented from infecting your computer, if you had any rootkits before you installed your anti-virus, they may never be revealed. This threat really began to capture the headlines a couple of years ago, and as a result security vendors like Sophos provided free anti-rootkit software for Windows users to check and clean-up their systems.

But rootkits aren't just limited to conventional desktop operating systems.

Earlier this year we saw two scientists from Rutgers University discuss the possibility of smartphone rootkits, and now - according to media reports - security researchers are planning to demonstrate a malicious rootkit for Google's Android operating system.

Trustwave's Nicholas J Percoco and Christian Papathanasiou are planning to give a live demonstration at DEF CON next month of the kernel-level Android rootkit they have developed. Percoco and Papathanasiou claim that the rootkit - once activated - could be used to track the location of the mobile phone's owner, read their private SMS messages, and redirect calls to bogus numbers.

Of course, all of this relies upon malicious hackers having been able to plant the rootkit in the first place on your Android phone.

And that's quite a challenge for anybody who wants to spy on you.
Android application settings
The easiest way would probably be for the bad guys to have managed to get their evil mitts on your smartphone, and secured physical access to the device. But cybercriminals could also try to exploit an unpatched security vulnerability in the Android operating system, or use a social engineering trick to fool you into installing the malicious code.

And if they went down the malicious app route they would have either have to have waltzed around the safeguards that Google has put in place to vet applications distributed via the Android Market, or targeted an Android phone where the user has given permission for non-Market applications from unknown sources to be installed.

In other words, it sounds like there are less opportunities to infect an Android mobile phone with a rootkit than, say, a computer running Windows.

Nevertheless, owners of all types of computing device (be it desktop computer, laptop, netbook, smartphone or tablet) should remember to practise safe computing and ensure that they are only allowing code they trust to be run and installed on their computer.

, ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and, and circle him on Google Plus for regular updates.