Researchers develop Android clickjacking rootkit
Posted on 04.07.2012
A group of researchers from North Carolina State University have managed to create a proof-of-concept rootkit for the Android OS that is able to hijack the clicks made by the phone owners and use them to launch malicious applications without the users being aware of it.

Led by Assistant Professor Xuxian Jiang, the group was initially concentrated of finding security weaknesses in various smartphone platforms, but proceeded to create the rootkit in order to discover how Android developers could defend users against this type of attack.

The rootkit in question targets the Android framework and not the OS' kernel, which makes it easier to develop, and can be easily bundled up with a legitimate application offered for download on any of the existing online Android marketplaces. Currently, it can be installed on all but the latest version of Android.

Once established on the device, it can do things like replace the smartphone’s browser with one that covertly steals all the confidential information the users enters in it, or hide or replace any of the other apps - all without restarting the phone or alerting its owner in any way.

In fact, the mechanism used for the attack has been dubbed "user interface readdresing" and requires no privilege escalation.

"The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it," claims Jiang. "But there is good news. Now that we’ve identified the problem, we can begin working on ways to protect against attacks like these."


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th