Software released for attacking Android phones

A model demonstrates the Nexus One smartphone, the first mobile phone Google will sell directly to consumers based on its Android platform, after a news conference at Google headquarters in Mountain View, California January 5, 2010. REUTERS/Robert Galbraith

LAS VEGAS | Fri Jul 30, 2010 5:18pm EDT

LAS VEGAS (Reuters) - Two security experts said on Friday they released a tool for attacking smartphones that use Google Inc's Android operating system to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages.

"It wasn't difficult to build," said Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker's conference in Las Vegas on Friday.

Percoco said it took about two weeks to build the malicious software that could allow criminals to steal precious information from Android smartphones.

"There are people who are much more motivated to do these things than we are," he added.

The tool is a so-called root kit that, once installed, allows its developer to gain total control of Android devices, which are being activated by consumers at a rate of about 160,000 units per day, according to Google.

"We could be doing what we want to do and there is no clue that we are there," Percoco said.

The test attacks were conducted on HTC Corp's Android-based Legend and Desire phones, but he believed it could be conducted on other Android phones.

The tool was released on a DVD given to conference attendees. Percoco was scheduled to discuss it during a talk on Saturday.

Google and HTC did not immediately return calls for comment.

Some 10,000 hackers and security experts are attending the Defcon conference, the world's largest gathering of its type, where computer geeks mix with federal security officials.

Attendees pay $140 in cash to attend and are not required to provide their names to attend the conference. Law enforcement posts undercover agents in the audience to spot criminals, and government officials recruit workers to fight computer crimes and for the Department of Defense.

Organizers of the conference say presenters release tools such as Percoco's root kit to pressure manufacturers to fix bugs.

(Reporting by Jim Finkle; additional reporting by Alexei Oreskovic in San Francisco; editing by Andre Grenon)

Comments

Jul 31, 2010 7:46am EDT

I think I’m going to switch to tin cans connected by a very long string.

breezinthru

Jul 31, 2010 1:01pm EDT

“Attendees pay $140 in cash to attend and are not required to provide their names to attend the conference.”

Well, Andre Grenon, that’s some great editing work right there.

Attentive attendees attend with attention.

almafuerte

Jul 31, 2010 7:21pm EDT

Well, Google is not exactly known for “security”. They still only care for “speed” and “volume”.

jonnyrich007

Aug 01, 2010 6:45pm EDT

OK, folks, let’s review… The information that is on your Android phone is on your Google account. If you are truly worried about security, I am thinking @breezinthru has the answer you want – tin cans and a string.

anamericancynic

Aug 02, 2010 8:09am EDT

Well, it does debunk that myth that Linux is totally virus proof. As soon as phones allowed it to become a “mainstream” OS comparable to PCs, somebody just came up with a way to exploit it. *Snap* just like that.

socratesfoot

Aug 02, 2010 9:56am EDT

This article fails to explain the most important detail: how is this exploit accomplished? Can root be achieved simply by clicking on a malicious link or does the attacker have to have physical possession of the victim’s phone? If the latter is the case then this is not really a

job514

Aug 02, 2010 10:13pm EDT

@socratesfoot
Who says that Linux is totally virus proof?
Every OS can be infected, even Mac.
Windows has the most viruses because it has a lot of users.
However, viruses that are built for Windows will not work if executed in Linux

but this doesn’t mean that Linux is a virus-proof OS.

CMIIW

black-water

Aug 03, 2010 3:54am EDT

Please, stop talking about Linux viruses if you have no idea what you are talking about.

Linux is totally virus proof. The virus definition goes: “A computer virus is a computer program that can copy itself[1] and infect a computer”, which simply does not work under Linux. If user interaction is required, then it may be a trojan or a rootkit, which are NOT viruses. As the article very clearly states here, this is a rootkit, not a virus.

On a different note, Android gets some foundations from Linux Kernel 2.6, building its software stack with many of its own layers on top. Linux security can hardly be judged because of an Android vulnerability.

Linux4ever

Aug 03, 2010 4:34am EDT

To provide a bit more background, I found this at slashdot.org, apparently anonymously posted:

“…(The piece of malicious software) is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a ‘trigger number.’”

Linux4ever