Smart Phones are vulnerable to Rootkit attack

Feb 23, 2010

Smart phone users beware! Just like personal computers, smart mobile phones are also vulnerable to attack by malicious software, or malware and a compromised smart phone may lead to some serious consequences, Rutgers University researchers warns. The researchers, who are presenting their findings at the International Workshop on Mobile Computing Systems and Applications (HotMobile 2010) this week in Maryland, demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless. These actions could happen without the mobile phone owner being aware of what happened or what caused them.

Smart Phone Smart phones are cellular telephones that also comes with advanced features such as Internet accessibility, texting and e-mail capabilities and supports a variety of programs commonly called apps, or applications. They run the same class of operating systems as desktop and laptop computers. In other words, smart phones are becoming regular computers. Thus security threat exists in these advanced mobile phones.

Vinod Ganapathy, assistant professor of computer science in Rutgers’ School of Arts and Sciences, and computer science professor Liviu Iftode worked with three students to study a nefarious type of malware known as rootkits. In one test, the researchers showed how a rootkit could turn on a phone’s microphone without the owner knowing it happened. In such a case, an attacker would send an invisible text message to the infected phone telling it to place a call and turn on the microphone, such as when the phone’s owner is in a meeting and the attacker wants to eavesdrop. In another test, they demonstrated a rootkit that responds to a text query for the phone’s location as furnished by its GPS receiver. This would enable an attacker to track the owner’s whereabouts. Finally, they showed a rootkit turning on power-hungry capabilities, such as the Bluetooth radio and GPS receiver to quickly drain the battery. An owner expecting remaining battery life would instead find the phone dead.

Note: The researchers are did not assess how vulnerable specific types of smart phones are. They only worked on a phone used primarily by software developers versus commercial phone users. Working within a legitimate software development environment, they deliberately inserted rootkit malware the phone to study its potential effects. They did not find a vulnerability that a real malware attacker would have to exploit.

Photo Credit: Carl Blesch

Leave a Reply

Note: The sign * means required field. Comments are subject to moderation.