New security threat against ‘smart phone’ users

February 23, 2010 07:24 pm | Updated December 16, 2016 03:03 pm IST

Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences.

The researchers demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner's travels, or rapidly drain its battery to render the phone useless.

These actions could happen without the owner being aware of what happened or what caused them.

“Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences. “So they are just as vulnerable to attack by malicious software, or ‘malware.'“

Ganapathy and computer science professor Liviu Iftode worked with three students to study a nefarious type of malware known as “rootkits.” Unlike viruses, rootkits attack the heart of a computer's software – its operating system.

They can only be detected from outside a corrupted operating system with a specialized tool known as a virtual machine monitor, which can examine every system operation and data structure.

Rootkit attacks on smart phones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message, according to a Rutgers University press release.

In one test, the researchers showed how a rootkit could turn on a phone's microphone without the owner knowing it happened.

In such a case, an attacker would send an invisible text message to the infected phone telling it to place a call and turn on the microphone, such as when the phone's owner is in a meeting and the attacker wants to eavesdrop.

In another test, they demonstrated a rootkit that responds to a text query for the phone's location as furnished by its GPS receiver. This would enable an attacker to track the owner's whereabouts.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.