Sophos downplays Android malware threat

Android users have little reason to fear an immediate onslaught of malware despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier. Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android …


This topic is closed for new posts.
  1. Tigra 07


    So far the only smartphones affected by malware in the media have been jailbroken.

    Serves them right

    1. Paul Shirley

      no remote install -> no threat

      If my G1 pops up a random su requester you can guarantee I'll get suspicious real fast. Until someone finds a *silent* privilege escalation being jailbroken is no less secure than not, on Android at least.

      This rootkit claim appears to require physical possession of the phone, at which point its rooted state hardly matters, just saving them rooting it themselves!

      1. Tigra 07

        RE: Paul Shirley

        What's an su request?

        1. Paul Shirley

          It's basic Linux security

          'su' is how you run commands with root permissions; without it a rooted phone behaves identically to an unrooted one. Since su pops up a full screen requester every time it's used, it's hard to sneak su use in without the user noticing. Hard to install a rootkit without su...

          When someone works out how to bypass that requester then we'll be in trouble.

          1. Tigra 07


            It's basically like running your computer without full permissions and having it ask you for a password every time something tries to change the registry or run a program?

            An ingenious idea for a smartphone

            1. David Simpson 1

              Super User

              The short answer is it stands for Super User and can only be accomplished with a rooted Android phone.

              His point is even on a rooted phone when a program tries to execute SU it has to ask for permission.

            2. Chemist

              Re : "tries to change the registry"

              What's the 'registry' ?


      2. Anonymous Coward
        Paris Hilton

        There's still one vector of attack tho.

        The ignoramus Joe Sixpack, aka PEBCAK, aka the victim of ye olde social engineering trick.

        Disguise rootkit as attractive game/utility, put in some lies about needing root support for something or other (and sprinkle it with technobabble to deter Joe Sixpack from reading further), and you have rooted access soon enough.

        Of course this happens all the time, to all systems, and it'd be Joe Sixpack's own fault for failing to exercise skepticism, but in litigious countries like the US and most of Europe, it's not hard to predict what's going to happen next.

        Paris, because she's an example of a Joe Sixpack.
