Android Researchers Demo Clickjacking Rootkit Vulnerability - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Android Researchers Demo Clickjacking Rootkit Vulnerability

Proof-of-concept malware can be used to launch malicious applications, with no warning or rebooting required, computer scientists show.

Samsung's Android Super Smartphone: Galaxy SIII
Samsung's Android Super Smartphone: Galaxy SIII
(click image for larger view and for slideshow)
Some versions of the Android mobile operating system are vulnerable to being exploited by a "clickjacking rootkit," which could be disguised as a legitimate app that--when downloaded and run--might surreptitiously take control of the device.

That warning comes by way of Xuxian Jiang, an assistant professor of computer science at North Carolina State University (N.C. State), who led a research team at the university that found a weakness in Android 4.0.4 (Ice Cream Sandwich) and prior versions. Jiang then built a proof-of-concept rootkit to exploit the vulnerability, which exists not in the operating system kernel, but within the Android framework on which the kernel runs.

"The rootkit could be downloaded with an infected app, and once established, could manipulate the smartphone," according to details released by N.C. State.

"For example, the rootkit could hide the smartphone's browser and replace it with a browser that looks and acts exactly the same--but steals all of the information you enter, such as banking or credit card data," it said. "But the rootkit's functionality is not limited to replacing the browser--it could be used to hide and replace any or all of the apps on a smartphone."

"This would be a more sophisticated type of attack than we've seen before, specifically tailored to smartphone platforms. The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it," said Jiang in a statement. "But there is good news. Now that we've identified the problem, we can begin working on ways to protect against attacks like these."

[ Employees are ready and willing to use their own computers to get work done. Consider these 4 Steps To A Successful BYOC Program. ]

Google didn't immediately respond to an emailed request for its comment on Jiang's proof-of-concept rootkit research, such as the practicality of such an attack, or how soon it might patch the underlying--and as yet publicly unspecified--vulnerability. Given that the Android framework includes Java-compatible libraries based on Apache Harmony, it's possible the underlying vulnerability has to do with Android's Java implementation.

This is far from Jiang's first foray into Android malware territory. His previous research has detailed the GingerMaster and RootSmart Android rootkits, as well as how add-on Android software and skins, included by some device makers in their distributions of the operating system, can make those versions of Android more susceptible to being attacked and exploited.

Jiang is also the driving force behind the Android Malware Genome Project, announced in May. The project aims to share Android malware samples with the security community, to help security experts better understand how malware attacks unfold and evolve and design better defenses. To date, 1,200 Android malware samples have been collected by N.C. State, and the project has shared data with 129 universities, research labs, and companies, including Google, the National University of Singapore, Purdue University, Symantec, and Tsinghua University in China.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll