Malicious software for cell phones could pose a greater risk for consumer's personal and financial well-being than computer viruses, say scientists from Rutgers University.
The scientists have made a particularly resilient malware, known as a rootkit, that can turn a cell phone's microphone, GPS and battery against the phone's owner. The researchers say their work highlights the need for greater protection of cell phone software and greater awareness of cell phone vulnerabilities from owners.
"Rootkits have been around for desktop (computers) since the mid-1990s, but now smart phones are becoming just as complex and sophisticated," said Vinod Ganapathy, a computer scientist at Rutgers University. "We are seeing the same trends in terms of malware being extended to smart phones."
Ganapathy, along with Liviu Iftode, also a computer scientist at Rutgers, co-advised the rootkits' developers: Jeffrey Bickford, Ryan O'Hare and Arati Baliga.
A rootkit is different -- and more difficult to detect -- than other malicious software-like viruses. A computer virus is basically a tiny program that runs on a computer's operating system. A rootkit actually replaces part of the operating system.
The Rutgers' scientists developed a rootkit that affects three distinct parts of a smart phone: the microphone, the GPS and the battery. The rootkit wasn't meant to actually infect commercial phones; it was merely meant to show what was possible and encourage research to combat these threats.
Using the rootkit, the Rutgers scientists could turn on the phone's microphone anytime they wanted, eavesdropping on nearby conversations. The rootkit also sent the phone's location, using the GPS system, back to the scientists, allowing them to track the phone and the person using it anywhere. The researchers also used the rootkit to drain the phone's battery by activating power-hungry hardware like the GPS receiver and the Bluetooth.
Unless the phone's owner is paying special attention to their device, the user is unlikely to realize anything was amiss.
Manipulating these three systems alone can cause considerable damage, but this is just the tip of the iceberg, according to Ganapathy and Iftode.
Rootkits could affect other parts of the phone as well, including the camera, the touchscreen and even programs as seemingly sacrosanct as the number pad. When a person goes to dial, say, Bank of America to check their account balance, a hacker could redirect the phone call to another device, said Iftode. By the end of the conversation, the hacker could walk away with a person's bank account number.
It's easy to get carried away with the potential crimes that could happen, which only underscores the need to develop tools to fight off what could be a growing wave of cell phone attacks.
"We believe that as the population of mobile devices increases, there will be an increasing interest in attacking these devices," said Ganapathy.