Jailbreaking: not just an AppleJackHack

John Leyden has reported that the Motorola Droid has been rooted, so that users of the hack can install applications not offered by operators, in a manner not dissimilar to jailbreaking the iPhone and iPod Touch.

Here’s the link, , but watch that Shell rollover ad: it really gets in the way if you’re switching tabs!

http://www.theregister.co.uk/2009/12/11/hackers_jailbreak_droid/

See also the article by Stefanie Hoffman at CRN:

http://preview.tinyurl.com/ydm4fxb

No-one is saying that this issue  is 100% analogous to the iPhone issue, in that there is (as far as I know) no readymade vulnerability lying in wait for Droid users (unless you count the vulnerability in wetware that makes social engineering such an effective attack). However, it does point to the weakness of the whitelisting and restricted privilege models as a sole defence. If an end user is willing to forgo the legitimacy of a vanilla smartphone by “rooting” it, in order to get a wider choice of apps, there are people out there willing to share techniques for doing so. And plenty more ready to take advantage of the resulting exposure to risk, if they can.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.