By James Limbach
ConsumerAffairs.com
February 25, 2010
Bad enough that you have to worry about attacks on your computer. Now, researchers say the same type of malware can go after smart mobile phones.
These assaults, they warn, could potentially cause a phone to eavesdrop on a meeting, track an owner's travels, or rapidly drain its battery to render the phone useless.
Computer scientists from Rutgers have demonstrated these problems and say they could occur without the owner even being aware of what happened or what caused them.
"Smart phones are essentially becoming regular computers," says Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences. "They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or 'malware.'"
Smart phones are cell phones that also offer Internet accessibility, texting, and e-mail capabilities and a variety of programs commonly called "apps."
Ganapathy and computer science professor Liviu Iftode worked with three students to study a nasty type of malware known as "rootkits." Unlike viruses, rootkits attack the heart of a computer's software -- its operating system.
They can be detected only from outside a corrupted operating system with a specialized tool known as a virtual machine monitor, which can examine every system operation and data structure.
Virtual machine monitors exist for desktop computers, but in current form, they demand more processing resources and energy than a portable phone can currently support.
Complaints about malware attacks on PCs are fairly commonplace -- even when users have protection.
In a complaint to ConsumerAffairs.com, Janet of Mishawaka, IN, said, "I had Norton Virus protection on my laptop and was infected by a Trojan virus and 2 malware viruses. How do I know this? Not because of Symantec's 99.99 virus removal service, but because of Best Buy's Geek Squad. While Symantec was unable to detect a problem, she says, "In 20 minutes, Best Buy was able to identify the Trojan and the 2 malware viruses and where the viruses came from."
Rootkit attacks on smart phones or upcoming tablet computers could be more devastating than assaults on PCs because smart phone owners tend to carry their phones with them all the time. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user's whereabouts by querying the phone's Global Positioning System (GPS) receiver.
Warning flag
Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message.
"What we're doing today is raising a warning flag," Iftode says. "We're showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defenses."
In one test, the researchers showed how a rootkit could turn on a phone's microphone without the owner knowing it happened. In such a case, an attacker would send an invisible text message to the infected phone telling it to place a call and turn on the microphone, such as when the phone's owner is in a meeting and the attacker wants to eavesdrop.
In another test, they demonstrated a rootkit that responds to a text query for the phone's location as furnished by its GPS receiver. This would enable an attacker to track the owner's whereabouts.
Finally, they showed a rootkit turning on power-hungry capabilities, such as the Bluetooth radio and GPS receiver to quickly drain the battery. An owner expecting remaining battery life would instead find the phone dead.
The researchers are careful to note that they did not assess how vulnerable specific types of smart phones are. They did their work on a phone used primarily by software developers versus commercial phone users.
Working within a legitimate software development environment, they deliberately inserted rootkit malware into the phone to study its potential effects. They did not find a vulnerability that a real malware attacker would have to exploit.
Recent research suggests concerns about computer security have grown to the point that people are reluctant to post their personal information on social networking sites, whose popularity has been showing explosive growth.
