Android: The Next Malware Frontier
Android Botnets and Android Espionage
As Android's mobile market share continues to increase, so will the cybersecurity risks associated with the mobile OS. After rootkits become standard, expect Android botnets, spyware, and GPS-enabled espionage.
Attack of the Android Rootkits
At DEF CON 18, Trustwave security researchers Nicholas Percoco and Christian Papathanasiou will talk about their Android rootkit. According to their meeting abstract, they will demonstrate how their rootkit can be installed over the air or alongside a rogue app.
At present, a rootkit may be overkill, as most Android devices do not scan for malware. However, if security scanning for malware becomes a reality on Android, a rootkit may prevent security scanners from finding malware. This becomes especially problematic if a user does not properly lock down their applications and inadvertently grants the rogue app certain permissions (e.g., ability to read SMS messages, access to the GPS, ability to make network connections).
Average Black Hat Hackers Not the Problem
The average hacker is not the problem. Sure, in the hands of the average hacker, a rootkit could be problematic. But the larger concern should be state actors and criminal enterprises looking to exploit businesses and interrupt critical services.
Consider if a belligerent state with cyber warfare capabilities were to design a rogue Android app coupled with a rootkit. If this app had access to the phone's GPS, the state's hackers could target specific geographic regions. With geographic targeting, the state's hackers could disrupt the mobile phone/internet access points by tying up all of the circuits (the telecom equivalent of a DDoS attack). State hackers could also redirect all emergency 911 calls from affected Android phones to random phone numbers.
Android Botnets > Regular Botnets?
The other day, while thinking about the possibilities of using Android phones for grid computing, it also struck me that Android phones are the next possible forum for botnets. The examples above show some of the capabilities of an Android botnet and how much more destructive it could be than our standard botnet.
Consider the fact that Android phones have the ability to connect to the telephone system and the Internet. This means black hat hackers and cyber warriors have additional vectors for their activities. Thus, the risk exists that Android phones may have twice the security risk of a standard computer.
We need to add Android-powered phones to our cyber infrastructure conversations. Don't get me wrong, I love Android and the flexibility it affords, but we need to have more frank discussions of our cyber infrastructure, and this includes Android.