Rootkit and Keylogger on Android?

[metalchocobo]

Hi all,

I suspect my roommate planted rootkit/keylogger into my PC. AFAIK, the only effective solution is to (re)format my PC harddisk. The question is what about rootkits/keyloggers on Android?
- Are they as destructive as the ones on PC?
- Are they as hard to get rid of as on PC?
- What if my phone is already infected, how do I go about reformatting the phone's rom and internal storage? Or is there a scanner that can get rid of these things on the phone?
For now, I will just try to keep my phone with me at all time.

Thanks for the answers in advance,

 

[sitlet]

I'm not sure about the answers to your question, but IMO if you are worried about it, you should call the police. That kind of stuff is illegal, and your friend can get in trouble for it.

 

[AngryHatter]

You can remove rootkits without a format.

 

[metalchocobo]

@sitlet My roommate is a computer Engineer. I think he's always one step ahead of me on this issue. Plus, he's a part of a group that I don't want to get into details. I think it'll be (much) easier for me to just move out than going to the police, but I need to give my landlady a one-month notice.

@AngryHatters Do you mean for a PC or an Android phone? According to my own research, the only effective way to get rid of rootkit on PC is to completely format the hard disk and reinstall everything from scratch. If there's another way, please let me know. And what about rootkits on an Android phone?

 

[alostpacket]

This may help you with general security advice:
http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html


As for rootkits, I'm not sure I have heard of anything on Android being described as a "rootkit". From what I understand, a rootkit on Windows is something that gets into the boot process and/or bios before the OS. With Android the OS is Linux though, so there are different concerns.

Certainlly apps can be granted root permissions (aka Super User permissions) if a phone is rooted. And a few recent instances of Malware allegedly had a root exploit involved but did not make use of it before they were discovered (as far as I recall).

Root permissions are very different from a rootkit though. Root on Linux is akin to an Administrator account on Windows, whears a rootkit on Windows is something that can control the system OS itself.

That's not to say it's impossible, people on Android regularly replace the bootloader, but this is done mostly by white hat hackers helping people install custom recovery options and custom ROMs. But if the white hats can do it, the black hats could potentially as well. However the process for flashing a bootloader is pretty involved, so I'm not sure if this is a feasible attack vector for malware.

So, long story short, I wouldn't worry too much about rootkits on Android, at least not in the near future, but I would recommend following some basic safety and privacy habits.

 

[AngryHatter]

Sophos Anti-Rootkit - Free Rootkit Detection and Removal Tool

Why removing rootkits is such a pain

 

[metalchocobo]

@alostpacket Thanks for the writings. I am thinking of formatting my computer's hard disk and changing all the passwords but want to be sure that my phone is clean as well -- otherwise, it'll be for nothing. I guess rootkit is not that much of an issue on Android? (I'm worried because I tried googling Android rootkits and according to some news, there are rootkits for Android.)

@AngryHatter I'll give the Anti-Rootkit a try.

BTW, is a screen saver which asks for password on resume a good/effective prevention against a skilled computer engineer? (I mean after I've gotten rid of rootkits/reformatted my PC.) He has access to my room & computer. I'm not sure installing a lock on the door when I'm moving out in less than 2 months is such a good idea (or not). I mean I'm worried that it'll cause more rifts between us if I lock my room's door every time I leave the room. Last night he just played several pranks which I thought was too much.

 

[alostpacket]

If you're relally worried do a factory reset.

But honestly you need a new roomate, nothing is safe from someone with physical access to your device.

 

[amlothi]

nothing is safe from someone with physical access to your device.

This is the key point. There are things you can do to make it more difficult, but if he has physical access to a device (computer/phone) than any security can be defeated.

My advice would be to take your computer/phone/etc and store it at a friend's home or in another location. Don't leave it at your apartment when you aren't there.

 

[amlothi]

BTW, is a screen saver which asks for password on resume a good/effective prevention against a skilled computer engineer?

NO.

 

[lennyjew]

NO.

Agreed, there are many ways to bypass that. Hell I'd just turn the computer off when you leave and take the power cord or open the tower and unhook the power supply.