Researcher Builds Mock Botnet Of ‘Twilight’-Loving…
Forbes reports from Jon Oberheide’s SummerCon talk on Android security. “Oberheide, who works for security startup Scio Security, developed an application called ‘RootStrap’ to demonstrate that trust problem for Android apps. After it’s installed, Rootstrap periodically ‘phones home’ to check for any new code that Oberheide wants to add to the program, including any hidden control program or ‘rootkit’ that he wished to install–hence the program’s name. ‘This is probably the most effective way to build a mobile botnet,’ Oberheide told SummerCon’s audience of hackers and security researchers.” The article links to the slides from the presentation, which contain some more hard information.
Researcher Builds Mock Botnet Of ‘Twilight’-Loving Android Users (Forbes)
It is certainly a flaw if the OS allows an application to load and run code which uses controlled APIs, but doesn’t prompt the user to confirm use of those APIs. I’m afraid this is another area where Apple, Google, and Microsoft are ignoring the lead of Research in Motion, who gets this stuff right.
Having said that, I feel a lot better about the security features of Android than I do about the security-oblivious Apple iOS. Look at this release note for Apple iOS 4, and note that dozens of these flaws were reported by Google.