As SmartPhones become more like computers, they are becoming increasingly open to attack say experts. So should we be worried?
“Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science in Rutgers’ School of Arts and Sciences.
“They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software or ‘Malware.’”
Ganapathy and computer Science professor Liviu Iftode, along with three students, looked at a type of Malware known as Rootkits.
The thing with Rootkits is that you don’t know they are there as they attack the operating system and aren’t easy to detect.
This potentially means that without you being aware of it, someone could listen in on conversations you have, extract sensitive information from your phone, or find out exactly where you are located using the Global Positioning System on your phone.
“What we’re doing today is raising a warning flag,” Iftode said.
“We’re showing that people with general computer proficiency can create rootkit Malware for smart phones. The next step is to work on defences.”
In one example the researchers demonstrated how a hacker could remotely turn on a user’s microphone and make a call by sending an invisible text to a phone infected with the Rootkit.
This could be done when the owner of the phone was in an important meeting and allow the hacker to listen in on all that’s being said.
They also demonstrated how a hacker could locate a user’s whereabouts and how it was possible to remotely drain the phone’s battery completely dry.
It sounds terrifying doesn’t it?
However you have to remember that the researchers deliberately infected a developer’s phone for the purposes of studying what was possible.
For an attacker to infect your phone they would first have to get the Rootkit onto it in the first place and that isn’t so easy, particularly as phone operating systems aren’t necessarily going to allow it.
So no, as the researchers noted themselves, they didn’t actually find a vulnerability that a real attacker could exploit. What they’re saying is interesting nonetheless.
The research was supported by the National Science Foundation and the U.S. Army and the researchers are presenting their findings at the International Workshop on Mobile Computing Systems and Applications 2010.
