Warning: Malware compromise potential to Custom ROMs/Community builds

Discussion in 'Android Tablet News' started by gurgle, Jun 17, 2011.

  1. gurgle

    gurgle Super Moderator Staff Member


    There is some new malware targeting Custom ROMs. This Trojan primarily focuses on the low end Chinese builds. The Lookout Mobile Security group blogged about this finding. < Link > They have identified at least eight different instances of the trojan jSMSHider. The current potential of compromise is low, but you should be aware. This could easily migrate to other ROMs, and the impact could create a problem of trust with community Builds or Custom ROMs.

    The application would appear to be installed as a default build application. This type of Trojan tries to take control over the mobile phone functionality by rooting the phone. jSMSHider exploits a vulnerability in the way most custom ROMs sign the system image. Publicly available private keys in the Android Open Source Project (AOSP) are commonly used to sign the custom builds. The end result is this exploit attempts to install custom commands and receive instructions from external servers. Information could be passed back, and the device could be used to connect if possible to a costly SMS service.

    Most AV products for Android would identify and protect from this compromise attempt. The problem is most individuals who use custom ROMs do not want the CPU impact from an Android AV product. The best recommendation is to be aware, and be cautious of unknown custom/community build ROMs.
     
    Last edited by a moderator: Jun 17, 2011
  2. OffWorld

    OffWorld Senior Member

    The linked blog post says the trojan uses:
    There is presently only one comment there which says:


    So CM7 doesn't allow this key to be used, but is there an easy way to find out if our ROM allows the AOSP "platform key" or not? It would be nice to know if our firmware can be compromised by this trojan or not.
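One way to check a ROM for the publicly available AOSP platform key, as an added example that is not part of the original thread or of the Lookout post: the script lists every APK in an unpacked ROM image whose JAR (v1) signature block embeds a reference certificate. It assumes the reference is `build/target/product/security/platform.x509.pem` from an AOSP checkout and that the ROM's `system/app` and `system/framework` directories have been copied to a local folder; the script name and function names are hypothetical.

```python
"""Report which APKs from an unpacked ROM are signed with a reference cert."""
import ssl
import sys
import zipfile
from pathlib import Path

SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR (v1) signature block files


def load_reference_der(pem_text):
    """Convert the reference certificate from PEM text to raw DER bytes."""
    return ssl.PEM_cert_to_DER_cert(pem_text.strip())


def signed_with(apk, ref_der):
    """True if any META-INF signature block embeds the reference cert.

    A PKCS#7 SignedData block carries the signer certificate as verbatim
    DER, so a byte search is enough to recognise a known certificate.
    """
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith(SIG_SUFFIXES):
                if ref_der in zf.read(name):
                    return True
    return False


def scan(rom_dir, ref_der):
    """Return sorted relative paths of APKs signed with the reference cert."""
    root = Path(rom_dir)
    hits = []
    for apk in root.rglob("*.apk"):
        try:
            if signed_with(apk, ref_der):
                hits.append(apk.relative_to(root).as_posix())
        except zipfile.BadZipFile:
            print(f"skipped (not a zip): {apk}", file=sys.stderr)
    return sorted(hits)


if __name__ == "__main__":
    # Hypothetical usage: check_key.py platform.x509.pem unpacked_rom_dir
    ref = load_reference_der(Path(sys.argv[1]).read_text())
    for hit in scan(sys.argv[2], ref):
        print("signed with reference key:", hit)
```

If `framework/framework-res.apk` shows up in the output, the ROM's platform signature is the published AOSP one, which is the signing practice the first post describes.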


     
