- Data Leaks: How My Car Betrays Me
- Data Leaks: A Frappuccino and Your Customer’s Bank Accounts To Go
- Data Leaks: What you Should Know about Rootkits
- Data Leaks: Location Based Services and Why You Should be Concerned
This week the Data Leaks series explores another troubling piece of hackery, the rootkit. Today we are going to investigate what they are, what they do, and why you should care about them.
Unfortunately, there will be neither be a “how to detect them” or a “what to do about them” segment. Why? Despite the existence of rootkits on traditional computing platforms for years, i.e. desktops and laptops, the ability to detect and/or prevent their installation is a hard problem. Personally, I’d rather tackle world peace than the rootkit problem–it is that hard to solve.
Targeting the Masses
Hackers, in their eternal quest for personally identifiable information, target the masses. For years the sole focus was on desktops and laptops. Nobody knows exactly how many traditional computing devices are in use today. Some research firms like Gartner and IDC track the number of units sold, but that isn’t a realistic way to measure given the short lifespan of most computers.
The same measurement problem exists for cellular phones. Last year a UN study concluded that at start of 2009 there were approximately 4.1 billion mobile subscriptions. The study fell short since it didn’t categorize the mobile subscriptions. Assuredly, a measurable percentage is still operating in the analog realm, but the advent of the iPhone and Google’s Android operating system has propelled smart phones to the forefront. This is just the type of target that makes a hacker salivate profusely.
What is a Rootkit?
In computing, a user with root access is a super-user with the opportunity to exert god-like powers over the operating system. Modern operating system kernels are fat, meaning they require thousands upon thousands of files just to reach the point where custom user software can be installed, like the word processor I’m using to write this article with. Not even the most savvy root user can name and recite the purpose of every file that comprises the operating system’s kernel.
A rootkit is a set of software libraries that hide among the masses, carefully crafted to blend into its environment. The primary purpose of these files is to give a hacker root access to either a subset of or the entire kernel. Obtaining root access on a system is a hackers wet dream.
Detecting Rootkits
Succinctly, rootkits represent software that can execute with administrator privileges and do so without the user noticing the background activity.
The rootkit first hit mainstream media and garnered much attention when Sony BMG introduced a new form of CD copy protection in 2005. Merely inserting the CD into your computer to play the music resulted in the secret installation of a rootkit into the Windows OS. Sony broke so many rules. The software was installed before the EULA was displayed to the user, the EULA made no mention of the rootkit, and there was no way to uninstall the software after the fact.
How Rootkits Work
At DefCon18 in Las Vegas last month, an Android rootkit was demonstrated and released to attendees on a DVD. What can this rootkit do? It can take full control of your mobile phone. A ComputerWorld article describes the powerful rootkit in great detail. Literally, the hacker can dial an offshore sex hotline that charges $19.95 per minute, and the user has no idea that their phone is in the middle of a call. The rootkit suppresses the user interface changes that one normally expects to see when their phone is actively being used on call. The Android OS isn’t the only smart phone platform under attack. The iPhone and iPad from Apple have also been targeted.
There is far greater concern about a rootkit on a mobile device than on a desktop computer. Our phones go with us everywhere–to work, on a date, to the restroom, everywhere. Unlike our stationary desktops and portable laptops, our mobile phones have built-in GPS, cameras, and microphones. It means that a rootkit on the right mobile phone could help a hacker steal proprietary information from your employer. Unbeknownst to you, that meeting discussing the next generation of kit was secretly recorded and sold to a competitor for a price. It means that a hacker can deduce that your home is empty because the GPS of your cell phone says you’re at the movies, and your calendar reads “Date night with hot lips!”
What can be done?
Even the US government is overtly concerned about the problems of relying on the provenance of software as the only metric of determining if it is safe. Just because my software came from Apple does not mean it is secure, nor does it mean that a hacker can’t easily subvert it. Apple like every other company relies on employees and contractors that span the globe. The Intelligence Advanced Research Projects Agency (IARPA), the sister agency to the more well known DARPA, routinely posts open solicitations for how to vet and establish the trustworthiness of both software and people.
Staying informed is key, and this is the central theme in the Data Leaks series. Understanding the threat is always the first step in being able to counter the threat.
Next week we wrap up the Data Leak series with a look at Location Based Services, the Minority Report like technology that would allow companies to target advertisements and services to you as an individual, wherever you go.