On Friday, a pair of security researcher released a tool that they say can be used to hack into Android phones at the Defcon hackers conference in Las Vegas. The announcement comes only a day after what's been said to be an overreaction over a set of Android wallpapers in the Android Market.
Nicholas Percoco, head of Spider Labs, and a colleague released the tool on Friday. The software, a rootkit, could, once installed, allowed a hacker to gain total control over an Android phone, much like some PC rootkits.
The rootkit tool was given out on a DVD available to conference attendees. It was released "to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages," according to a report by Reuters.
Percoco said the software was tested on HTC's Desire and Legend smartphones, but he believed it would work on any Android based phones. The release came on the same day that security firm Lookout clarified its stance on a set of wallpapers it had highlighted at the Black Hat security conference earlier in the week.
Lookout said that while the wallpaper apps, created by developers “jackeey,wallpaper” and “IceskYsl@1sters!” (which are really one and the same) exhibited some suspicious behavior, no malicious intent or behavior had been identified. Lookout continues to work with Google to investigate the apps, which were pulled from the Android Market after the allegations.
Despite the recent attention given to Android at these conferences, it is not, however, as though hackers aren't looking at the iPhone. However, the "walled garden" approach that Apple has taken for the App Store means at least two things: 1) unless your device is jailbroken, you can't install non-App Store apps on it, and 2) the App Store approval process, although mistake-ridden and somewhat draconian, examines apps for malicious behavior before they are allowed to be posted.
Meanwhile, if you are wondering why there are two security conferences, both in Las Vegas, in the same week, Declan McCullagh of C|Net, while interviewed by NPR on Saturday, described the difference between the two conferences as such: Black Hat is the one you can tell your boss you are going to, while Defcon ... not so much.
Comments
defcon is just as valuable to an employer as blackhat, and at a fraction of the cost. I don't think Declan's analysis is correct these days. Perhaps ten years ago, not now.
agreed, the content is every bit as valuable or more at defcon than bh
Got something to say?
Examiner.com is looking for writers, photographers, and videographers to join the fastest growing group of local insiders. If you are interested in growing your online rep apply to be an Examiner today!