Droid Avoids with an AppleJackHack

Will the Motorola Droid be the next malware-victimized smartphone? Well, it's a bit early to make a claim like that, but the fact that it's been rooted (an analogous process to jailbreaking on the iPhone and iPod Touch) in order to allow end-users to install unapproved applications, puts the platform one step nearer. See the reports by John Leyden of The Register and Stefanie Hoffman at CRN (actually quoting Wired News' Gadget Lab) for more detail.

As I've pointed out in another blog here, this isn't a precise analogue to the iPhone malware issue. To be precise, I said:

…it does point to the weakness of the whitelisting and restricted privilege models as a sole defence. If an end user is willing to forgo the legitimacy of a vanilla smartphone by “rooting” it, in order to get a wider choice of apps, there are people out there willing to share techniques for doing so. And plenty more ready to take advantage of the resulting exposure to risk, if they can.

And it's certainly a prime example of how a malicious program might find its way onto a Droid using social engineering to make the victim complicit in the process. And a principle that applies to many other platforms.

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://blog.isc2.org/
http://avien.net/blog
http://blogs.securiteam.com
http://dharley.wordpress.com/

Author David Harley, ESET

  • Marquis Donayre

    The Motorola DROID continues to present new possibilities everyday. I’ve had it for about 10 months and We have had a Blackberry attached to my system considering that September 1998. Being connected is really a vital element of my lifestyle so I’m usually reachable by loved ones and co-workers. I am a bit addicted on the Industry for DROID Applications. If the device had unlimited memory I would test the capacity. I believe this OS could be the way in the future and intend to develop with all of you to learn it by means of and by way of. Thanks for that article.

  • Katelynn Ser

    Apple solves the problem by limiting the multitasking. Apple doesn’t multi task where it should. Android multitasks where it shouldn’t. Somewhere between the two is the right ansewr. You may not need dual core chips to do the job right.

  • Gilbert Poulos

    While I love a bodily keyboard, after handling the Samsung Captivate for roughly 15 minutes, it is laborious to move back. At this time I’m debating whether or not to go to Verizon for the Droid X, go to Dash for the EVO, or stick with AT&T for the Captivate…decisions, decisions.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
11 Dec 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.