Researchers develop Android clickjacking rootkit

A group of researchers from North Carolina State University have managed to create a proof-of-concept rootkit for the Android OS that is able to hijack the clicks made by the phone owners and use them to launch malicious applications without the users being aware of it.

Led by Assistant Professor Xuxian Jiang, the group was initially concentrated of finding security weaknesses in various smartphone platforms, but proceeded to create the rootkit in order to discover how Android developers could defend users against this type of attack.

The rootkit in question targets the Android framework and not the OS’ kernel, which makes it easier to develop, and can be easily bundled up with a legitimate application offered for download on any of the existing online Android marketplaces. Currently, it can be installed on all but the latest version of Android.

Once established on the device, it can do things like replace the smartphone’s browser with one that covertly steals all the confidential information the users enters in it, or hide or replace any of the other apps – all without restarting the phone or alerting its owner in any way.

In fact, the mechanism used for the attack has been dubbed “user interface readdresing” and requires no privilege escalation.

“The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it,” claims Jiang. “But there is good news. Now that we’ve identified the problem, we can begin working on ways to protect against attacks like these.”