Sophos downplays Android malware threat Android users have little reason to fear an immediate onslaught of malware despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier. Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android …
If my G1 pops up a random su requester you can guarantee I'll get suspicious real fast. Until someone finds a *silent* privilege escalation being jailbroken is no less secure than not, on Android at least.
This rootkit claim appears to require physical possession of the phone, at which point its rooted state hardly matters, just saving them rooting it themselves!
'su' is how you run commands with root permissions, without it a rooted phone behaves identically to an unrooted one. Since su pops up a full screen requester every time its used it's hard to sneak su use in without the user noticing. Hard to install a rootkit without su...
When someone works out how to bypass that requester then we'll be in trouble.
The ignoramus Joe Sixpack, aka PEBCAK, aka the victim of ye olde social engineering trick.
Disguise rootkit as attractive game/utility, put in some lies about needing root support for something or other (and sprinkle it with technobabble to deter Joe Sixpack from reading further), and you have rooted access soon enough.
Of course this happens all the time, to all systems. and it'd be Joe Sixpack's own fault for failing to exercise skepticism, but in litigious countries like the US and most of Europe, it's not hard to predict what's going to happen next.
Paris, because she's an example of a Joe Sixpack.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
