A group called Lookout Mobile Security has put out an
regarding malware which is targeting custom Android builds.
"The application follows the common pattern of masquerading as a
legitimate application, though a few extra permissions have been added. At
first glance, it appears like other recent Android Trojans that tries to
take control over the mobile phone by rooting the phone (breaking out of
the Android security container), but instead jSMSHider exploits a
vulnerability found in the way most custom ROMs sign their system
images. The issue arises since publicly available private keys in the
Android Open Source Project (AOSP) are often used to sign the custom ROM
builds. In the Android security model, any application signed with the
same platform signer as the system image can request permissions not
available to normal applications, including the ability to install or
uninstall applications without user intervention.
" This, it seems,
is the vulnerability closed by the May 2011 CyanogenMod security update.
(Seen on The H
to post comments)