Virus for Android turns your smartphone into an enemy.
A group of researchers in the field of information security from the State University of North Carolina found possible to redirect clicks on the touch screen Android-devices for the introduction of rootkits. The group, headed by Jiang Syuysyan (Xuxian Jiang) has developed a pilot test for the virus to be discovered. As a result of this virus by the technique known as «clickjacking» («hijacking clicks”), was able to implement the apparatus a special module, which not only changes the way malicious behavior, but also hidden from detection by standard means.
Professor Jiang’s group has developed a pilot rootkit to check their guesses about the vulnerability of the popular Android mobile platform at the application level – the core itself remained untouched. Used “hole” was discovered in the course of a more general study on the level of protection of different smartphones.
Created by the scientists rootkit, which can be implemented in a completely trustworthy applications that can not be detected with standard antivirus software – at least, so say the authors. When installing an infected application attacker can replace the standard browser on your smart phone version, which will intercept button presses, collect data bank card user, and then transfer them to a server controlled by hackers. As the demonstration of the technology, with the help of this tool, you can substitute any or all of the application on your phone.
According to scientists, the vulnerability associated with the interception of keystrokes, is present in the newest version of Android 4.0.4 (Ice Cream Sandwich), as well as in earlier releases. The mechanism of attack, called “forwarding user interface,” implies that the user installs malicious software, thinking that agrees with some other action of the system, and installing without rebooting. In addition, the installation does not require additional permits and obtain superuser «Root». Finally, at the core of the operating system no change is made.
According to the developers, the newly discovered type of attack on mobile devices is different from those seen earlier, a high level of secrecy and danger. It is interesting that the very development of the rootkit did not cause any difficulties for the authors, however, none of the existing anti-virus is not able to recognize the threat of dangerous actions when installing applications, infected with a rootkit. Now, when a potential problem identified and clearly described, professionals can begin to neutralize the new threat. By the way, Professor Jiang is one of the founders launched in May of this year’s draft Android Malware Genome Project for the collective identification and description of all existing threats for Android. More information about the new work of Jiang and his colleagues can be found at their blog at web.ncsu.edu/abstract/technology/wms-jiang-clickjack.
On materials of the site The Register.