It looks like mobile malware authors may be moving into the kernel. Software that operates in the kernel has access to the entire system. Hidden, undocumented functions can provide untraceable access to the filesystem. Rootkits are generally used to hide the presence of other malicious software or activity.

Recently, an independent security research group released a number of ROM images (colloquially “ROMs”) from various Symbian phones. Their goal was to encourage vulnerability research on mobile phones.

The risk is not that these researchers have published the ROMs. Anyone who owns a Symbian phone can, with publicly available tools, extract their own ROM image. The real risk arises from the nearly 600 KB of analysis and research guidelines they have provided.

The current situation is that malware authors are limited to user space. All current mobile malware has been created either with the publicly available SDKs or cobbled together from other malware. Essentially, most of the trouble so far has been caused by applications: malicious applications, but still only applications, not system software.