I believe one of the primary strengths of a rootkit is its ability to hide itself -- even when accessing the kernel level -- so it'd have to be a pretty poor rootkit to achieve that. So far the only working attempt (that I've seen at least) was the mindtrick PoC done by Trustwave's SpiderLabs (?) at Defcon last year, and even that was specific to the HTC Legend (and required root access to install AFAIK).

On Jun 13, 2011 9:15 AM, "Chris Palmer" <[email protected]> wrote:
>> Is it possible to detect a kernel level rootkit without root permission?
>
> Perhaps you could detect the most incompetent kernel rootkits that
> way. It would probably be more work than it was worth, though.
>
> (Consider that an honest kernel can, by design and as a feature, hide
> information from userland — including root users. So a dishonest
> kernel can do worse; in fact, your kernel might be honest and the
> rootkit resides beneath that!)
>
>
> --
> http://noncombatant.org/
>
> "These days, though, you have to be pretty technical before you can
> even aspire to crudeness." — William Gibson
>
> --
> You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
>
