Security experts release tool to hack Android phones!

[nbawizards0]

Hey guys....

I just got to know that security experts release tool to hack Android phones!"

It wasn't difficult to build," said Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker's conference in Las Vegas on Friday.

Check out this for more....

 

[Free Range Lettuce]

Hi mastermind1431 and welcome to the AC forums.

There's been rootkits found in the wild for Android some time ago. Like this one I reported back in mid-May: http://extorian.co.uk/blog/227/android-rootkit-found-in-the-wild/

The rootkit discussed in the link you provided has to be manually installed on the phone. If you give your phone to someone, and while it's in their possession you let them connect it to a PC via USB, you unlock your phone for them by entering your pattern lock (which you have turned on right?), let them mount the drive, and watch while they install a rootkit on your phone before handing it back to you, you deserve what's coming

It can also be installed by a malicious app on SOME phones (they're hardware specific) that have the Full Internet Access security permission. The app will horribly crash on phones that it doesn't work on, so will get very bad Market reviews. People really need to pay attention to review scores, comments, and permissions required by apps before installing them.

 

[Teach31]

Yes, I agree with you on the current condition of the tool they have released. As I said in The Fire Seal, the tool was build by some ethical hackers. Their whole idea itself was to to pressure manufacturers to fix bugs and to expose the security loophole in the current OS...

That being said, I would like to mention one more fact. In technology, nothing is secure. If these hackers could make some tool to hack the OS with some kind of manual intervention, why can't the core hackers do it even more better by altering the code of an extremely popular Android Application in the market???

 

[Memnoch]

Yeah, but they'd have to have made the extremely popular app themselves already. Applications are signed using a secure key that only the developer has access to. The Market won't allow you to upload apps with identical package names unless they're signed by the same certificate. To use the certificate the hacked would need the certificate itself and know the password to the keystore and the key itself.

 

[koolkid1095]

In technology, nothing is impossible... what we think as impossible would become possible for someone on some fine day....

Being said that, I would also like to mention about the keys and certificate....

Just an example would make it clear for us....

Windows Vista came into market to with a high protection against crackers/ hackers from piracy....

There were 10 component which the Windows looked at at the time of activation..... But Hackers overcome this by duplicating the manufacture's OEM and Microsoft's digital key....


Now what do you say???

 

[frillyfroofroo]

The digital keys you're talking about for Windows were very simple to crack. They were a basic and low strength encryption.

The digital keys and certificates used for signing apps on the Market are use the exact same encryption that is used by banks and the military. It has yet to be cracked in any meaningful (i.e. under several decades) time even using grid computing. If it was realistic to crack this encryption you would have far bigger things to worry about - such as every secure connection on the internet being compromised, including the ones used when you us online banking.

Sure, one day the computing power required to crack these kinds of encryption will be readily available, but we're talking hundreds of years. I'm not too worried about it.

It's also possible someone might find a loop hole that allows it to be easily broken, but this challenge is set by many institutions with very large prizes for anyone who can do it. When that happens it's very easy to change to a different encryption scheme.