Will the Motorola Droid be the next malware-victimized smartphone? Well, it's a bit early to make a claim like that, but the fact that it's been rooted (an analogous process to jailbreaking on the iPhone and iPod Touch) in order to allow end-users to install unapproved applications, puts the platform one step nearer. See the reports by John Leyden of The Register and Stefanie Hoffman at CRN (actually quoting Wired News' Gadget Lab) for more detail.
As I've pointed out in another blog here, this isn't a precise analogue to the iPhone malware issue. To be precise, I said:
…it does point to the weakness of the whitelisting and restricted privilege models as a sole defence. If an end user is willing to forgo the legitimacy of a vanilla smartphone by “rooting” it, in order to get a wider choice of apps, there are people out there willing to share techniques for doing so. And plenty more ready to take advantage of the resulting exposure to risk, if they can.
And it's certainly a prime example of how a malicious program might find its way onto a Droid using social engineering to make the victim complicit in the process. And a principle that applies to many other platforms.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET