John Leyden has reported that the Motorola Droid has been rooted, so that users of the hack can install applications not offered by operators, in a manner not dissimilar to jailbreaking the iPhone and iPod Touch.
Here’s the link, , but watch that Shell rollover ad: it really gets in the way if you’re switching tabs!
http://www.theregister.co.uk/2009/12/11/hackers_jailbreak_droid/
See also the article by Stefanie Hoffman at CRN:
http://preview.tinyurl.com/ydm4fxb
No-one is saying that this issue is 100% analogous to the iPhone issue, in that there is (as far as I know) no readymade vulnerability lying in wait for Droid users (unless you count the vulnerability in wetware that makes social engineering such an effective attack). However, it does point to the weakness of the whitelisting and restricted privilege models as a sole defence. If an end user is willing to forgo the legitimacy of a vanilla smartphone by “rooting” it, in order to get a wider choice of apps, there are people out there willing to share techniques for doing so. And plenty more ready to take advantage of the resulting exposure to risk, if they can.
David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET
Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/