Hoping to understand what a new generation of mobile malware could resemble,
security researchers will demonstrate a malicious "rootkit" program they’ve
written for Google’s Android phone next month at the Defcon hacking conference
in Las Vegas.
Once it’s installed on the Android phone, the rootkit can be activated via a
phone call or SMS (short message service) message, giving attackers a stealthy
and hard-to-detect tool for siphoning data from the phone or misdirecting the
user. "You call the phone, the phone doesn’t ring, and when the phone realizes
that it’s being called by an attacker’s phone number, it sends him back a shell
[program]," said Christian Papathanasiou, a security consultant with Chicago’s
Trustwave, the company that did the research.