Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences.
The researchers demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner's travels, or rapidly drain its battery to render the phone useless.
These actions could happen without the owner being aware of what happened or what caused them.
“Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences. “So they are just as vulnerable to attack by malicious software, or ‘malware.'“
Ganapathy and computer science professor Liviu Iftode worked with three students to study a nefarious type of malware known as “rootkits.” Unlike viruses, rootkits attack the heart of a computer's software – its operating system.
They can only be detected from outside a corrupted operating system with a specialized tool known as a virtual machine monitor, which can examine every system operation and data structure.
Rootkit attacks on smart phones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message, according to a Rutgers University press release.
In one test, the researchers showed how a rootkit could turn on a phone's microphone without the owner knowing it happened.
In such a case, an attacker would send an invisible text message to the infected phone telling it to place a call and turn on the microphone, such as when the phone's owner is in a meeting and the attacker wants to eavesdrop.
In another test, they demonstrated a rootkit that responds to a text query for the phone's location as furnished by its GPS receiver. This would enable an attacker to track the owner's whereabouts.