October 24, 2016

First Android Rootkit at Defcon 18

Nicholas J. Percoco revealed the first rootkit for Android at DefCon 18, a hacking conference.

Android is a software stack for mobile devices that includes an operating system, middleware and key applications and uses a modified version of the Linux kernel.

The Android platform ranks as the fourth most popular smart-phone platform in the United States as of February 2010. More than 60,000 cell phones running the Android operating system are shipping every day.

Percoco developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP shell over 3G/Wi-Fi upon receiving an incoming call from a ‘trigger number’. This ultimately results in full root access on the Android device.

An attacker can then read all SMS messages on the device, run up long-distance charges for the owner, and even potentially pin-point the mobile device’s exact GPS location. According to the Defcon website, such a rootkit could be delivered over-the-air or installed alongside a rogue app.