Xuxian Jiang and his team of mobile security researchers at NC State have been able to identify a rather exploitable vulnerability in Android 4.0.4 (Ice Cream Sandwich).
The research team, part of the Android Malware Genome Project working to keep a few steps ahead of malware developers, have been able to demonstrate the weaknesses of the Android app framework using a prototype “clickjack rootkit.”
What makes this weakness so easy to exploit is that the rootkit does not need to infect the OS kernel. Rather, all one has to do is accidentally download an install an infected app, which would then allow the rootkit to affect the smartphone.
“The rootkit was not that difficult to develop, and no existing mobile security software is able to detect it,” says Jiang.
That being said, Jiang cites that the good news is that the problem has been identified, and a solution can now be sought to protect against these problems.
Via: The Abstract
