At a recent software security conference called Def Con, Nicholas Percoco, head of Spider Labs, basically revealed how easy it is for an Android hacker to grab hold of your personal information, SMS, make calls and even grab your location. The whole thing allegedly took them two weeks to build.
“There are people who are much more motivated to do these things than we are,” he added.
The actual phones used in the demonstration of the attack took place on HTC Legend and Desire smartphones. Of course, the point is that it could be conducted on any Android phones. According to Reuters, “Attendees pay $140 in cash” to grab a place at the conference but most importantly they “are not required to provide their names”. Funky huh?
For more information on the technical stuff behind the tools, check out the Def Con site, but for a bit of light reading, here is an extract from their website:
We have developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a ‘trigger number’. This ultimately results in full root access on the Android device. This will be demonstrated (live).