RootSmart Variants Bring a Challenge

By | Feb 28, 2012

Google recently announced their work with Bouncer, a tool they're using to scan the Android Market for malware. In the original release, they didn't specify how long they had been testing it, only that it had been "a while." It turns out, it's been a whole year, and Google claims it's shown significant impact. However, a recent exploit involving RootSmart proves Bouncer's fallibility. While no security measure is perfect, a breach only shortly after going public with the tool doesn't look good. If you were hoping Bouncer would be the Hail Mary of Android's malware problem, you may end up being disappointed.

The Malware in a Nutshell

North Carolina State Assistant Professor Dr. Xuxian Jiang discovered a way to fool Bouncer into thinking a piece of malware was a legitimate app. The malware did so by not storing the exploit within itself--instead it entered the Market essentially as a benign app, downloading and installing the exploit code only after it had been installed on a device.

However, the original exploit that enabled RootSmart has already been patched, according to Tech Republic. Even so, the article argues that hackers may find other ways to fool Bouncer and that Google should essentially watch their backs.

Potential Interconnected Threats

The malware is also capable of sending information back to a server, which brings up an interesting issue. Google is working on a Chrome password generator that, as the name implies, generates a random password for the user and stores it for Web sites that allow user registration. In the release, Google notes how that will make them a high-value target.

While Chrome is only available on Android devices running Ice Cream Sandwich, and only a few devices have that version now, this will give hackers a lot of motivation once more devices are running it. With the malware's ability to "phone home," enabled by an Internet permission, it could potentially get Chrome's stored passwords.

Danger in the Enterprise

With the "bring your own device" movement in full swing, you likely have to manage Android devices. The general issue of Bouncer not being as bulletproof as Google thinks is a more immediate threat. Again, no security is perfect, but the problem is that Google thinks it's more secure than it really is. This allows them to be more easily caught off guard. And it would seem that Google is, in fact, under this false impression. They claim they have been testing this for a year, yet less than a year ago, there was a serious malware problem in the Market.

That being said, if you had any faith in Bouncer to begin with, this may not be the solution you hoped it would be. Perhaps it's just all the more reason not to rely too heavily on external forces to protect your midsize business--a reminder that actively pursuing solutions versus relying on passive solutions is the safest course of action.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
