Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit.
A research team led by Xuxian Jiang at NC State has been trying to identify potential weaknesses in various smartphone platforms as part of an overall effort to stay ahead of attacks from “black hat” attackers.
As part of this work, Jiang was able to develop a proof-of-concept prototype rootkit that attacks the Android framework, rather than the underlying operating system kernel. The rootkit could be downloaded with an infected app and, once established, could manipulate the smartphone.
For example, the rootkit could hide the smartphone’s browser and replace it with a browser that looks and acts exactly the same – but steals all of the information you enter, such as banking or credit card data. But the rootkit’s functionality is not limited to replacing the browser – it could be used to hide and replace any or all of the apps on a smartphone. Here is a video demonstration of the app.
“This would be a more sophisticated type of attack than we’ve seen before,” says Jiang, “specifically tailored to smartphone platforms. The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it.
“But there is good news. Now that we’ve identified the problem, we can begin working on ways to protect against attacks like these.”
Jiang is also the founder of the Android Malware Genome Project, which is a collaborative research effort designed to improve our understanding of existing Android malware. The project was announced May 22.