Software Turns Your Cell Phone Against You
Smart phone malware could tap into your phone's microphone, GPS, battery.
March 14, 2010— -- Malicious software for cell phones could pose a greater risk for consumer's personal and financial well-being than computer viruses, say scientists from Rutgers University.
The scientists have made a particularly resilient malware, known as a rootkit, that can turn a cell phone's microphone, GPS and battery against the phone's owner. The researchers say their work highlights the need for greater protection of cell phone software and greater awareness of cell phone vulnerabilities from owners.
"Rootkits have been around for desktop (computers) since the mid-1990s, but now smart phones are becoming just as complex and sophisticated," said Vinod Ganapathy, a computer scientist at Rutgers University. "We are seeing the same trends in terms of malware being extended to smart phones."
Ganapathy, along with Liviu Iftode, also a computer scientist at Rutgers, co-advised the rootkits' developers: Jeffrey Bickford, Ryan O'Hare and Arati Baliga.
A rootkit is different -- and more difficult to detect -- than other malicious software-like viruses. A computer virus is basically a tiny program that runs on a computer's operating system. A rootkit actually replaces part of the operating system.
The Rutgers' scientists developed a rootkit that affects three distinct parts of a smart phone: the microphone, the GPS and the battery. The rootkit wasn't meant to actually infect commercial phones; it was merely meant to show what was possible and encourage research to combat these threats.
Using the rootkit, the Rutgers scientists could turn on the phone's microphone anytime they wanted, eavesdropping on nearby conversations. The rootkit also sent the phone's location, using the GPS system, back to the scientists, allowing them to track the phone and the person using it anywhere. The researchers also used the rootkit to drain the phone's battery by activating power-hungry hardware like the GPS receiver and the Bluetooth.
Unless the phone's owner is paying special attention to their device, the user is unlikely to realize anything was amiss.
