Sophos downplays Android malware threat
Android users have little reason to fear an immediate onslaught of malware despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier. Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android …
Justice?
So far the only smartphones affected by malware in the media have been jailbroken.
Serves them right
no remote install -> no threat
If my G1 pops up a random su requester you can guarantee I'll get suspicious real fast. Until someone finds a *silent* privilege escalation, being jailbroken is no less secure than not, on Android at least.
This rootkit claim appears to require physical possession of the phone, at which point its rooted state hardly matters, just saving them rooting it themselves!
it's basic Linux security
'su' is how you run commands with root permissions; without it a rooted phone behaves identically to an unrooted one. Since su pops up a full screen requester every time it's used, it's hard to sneak su use in without the user noticing. Hard to install a rootkit without su...
When someone works out how to bypass that requester then we'll be in trouble.
So...
It's basically like running your computer without full permissions and having it ask you for a password every time something tries to change the registry or run a program?
An ingenious idea for a smartphone
Super User
The short answer is it stands for Super User and can only be accomplished with a rooted Android phone.
His point is even on a rooted phone when a program tries to execute SU it has to ask for permission.
There's still one vector of attack tho.
The ignoramus Joe Sixpack, aka PEBCAK, aka the victim of ye olde social engineering trick.
Disguise rootkit as attractive game/utility, put in some lies about needing root support for something or other (and sprinkle it with technobabble to deter Joe Sixpack from reading further), and you have rooted access soon enough.
Of course this happens all the time, to all systems, and it'd be Joe Sixpack's own fault for failing to exercise skepticism, but in litigious countries like the US and most of Europe, it's not hard to predict what's going to happen next.
Paris, because she's an example of a Joe Sixpack.
Re: "tries to change the registry"
What's the 'registry' ?
:-)


