Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Though malware is not yet common on mobile phones, experts are taking a hard look at how it could appear down the road, hoping to find solutions before real attacks emerge.

Researchers from Rutgers University recently identified a series of possible attacks on smart phones, including one that would grant the attacker the ability to eavesdrop on a user. They will present these proof-of-concept attacks tomorrow at HotMobile 2010, a conference taking place in Annapolis, MD.

The researchers didn’t exploit any vulnerabilities to get it onto the phone–instead, they pre-installed a rootkit. This is a piece of software that buries itself deep in a device’s operating system, where it can take control of most of the software running on the machine. Though there are some legitimate uses for rootkits, for the most part they’re a particularly nasty type of malware.

The researchers demonstrate their system on the NeoFreeRunner phone, running the open-source software stack OpenMoko. Their attacks used malicious text messages to give instructions to the rootkit. Because the rootkit is able to control so much of the phone’s software, it could hide the text messages from the legitimate user and carry out instructions without interference.

In one attack, the researchers instructed the phone to call a specified number, which might allow them to use the smart phone to listen in on a confidential meeting attended by the legitimate user. They were also able to instruct the phone to report its location to the attacker, and to drain its battery by turning on energy-hogging features without the user’s knowledge.

The Rutgers researchers believe that smart phones will soon need to have tools for detecting rootkits and other malicious software. This could be a challenge, they say, because the algorithms used to search for such software use a lot of processing power and would reduce battery life. So they propose offloading that processing to the service provider, following the model of cloud-based antivirus that has been gaining traction on desktop computers.

0 comments about this story. Start the discussion »

Tagged: Communications, security, mobile phones, smart phone, mobile security, antivirus software

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me