Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: DroidDream android malware analysis - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DroidDream android malware analysis

We talked recently about rogue apps inside the Android Marketplace. About this malware, there is an excellent analysis posted by Jon Larimer. More information at http://blogs.iss.net/archive/Examining%20the%20recent.html 

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

185 Posts
ISC Handler
@Google while reading about CVE-2009-1185, "exploid2.c" from 2010 and CVE-2010-EASY (<off>"easy", heyhey</off>): how-dee-wow, wake up, we are in 2011.

@Google also: I want "root" access to my soon coming android. Please please please implement "su" (and fix the rest).
Jens

42 Posts
Forgot: indeed "excellent" analysis.
Jens

42 Posts
I read somewhere else about a vulnerability that was fixed in Android 2.2.2. I have the original Droid first sold in Nov. 2009 and its latest official firmware is 2.2.1. Are we getting to the point where people have to buy new devices just to fix security problems?

It would be like vendors deciding to not fix security problems in older products because they came out with new ones, but 'older' in this case is barely one year. People aren't going to replace working devices; instead they will just become a platform that can be compromised to attack other systems.
Anonymous
Even if not supported you can update your old phone yourself like I did on my old HTC Magic (Sapphire). Go to xda-developers and find a nice ROM. Its a lot reading at first, but quite easy once you know how it works.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!