The short answer is yes, in theory, according to an Information Week posting talking about the upcoming Def Con conference. Two researchers from Trustwave have developed a rootkit that can be installed on an Android handset, that gets activated when a specific “trigger number” is called.
When applied, the rootkit would give attackers root access to an Android device, allowing them to install background apps to hijack the handset. Some examples of what a hacker could do with this include reading all of your info, sending and receiving SMS messages in your name, etc.
The two researchers have said that while they have proven this is possible, they have not seen this exploit being used in the wild. This of course does not mean that we won’t see it in the future. The researchers say that right now a hacker has to have physical access to your phone to install the rootkit, but that it could be adapted to a Market app that would install it automatically. It’s worth noting that Google does screen apps in the Market to try to catch malicious code.
With mobile computing being the fastest growing platform type in the world right now, it was only a matter of time before we started to see this kind of discussion open up. Mobile handsets are especially susceptible since they do not have the horsepower to run virtual machines to help with the stop of malware. Hopefully we will not see any widespread outbreaks of malware in our beloved Android platform.