Skip to Content
Uncategorized

Predicting Smart Phone Attacks

Researchers perform spying and other tricks.
February 22, 2010

Though malware is not yet common on mobile phones, experts are taking a hard look at how it could appear down the road, hoping to find solutions before real attacks emerge.

Researchers from Rutgers University recently identified a series of possible attacks on smart phones, including one that would grant the attacker the ability to eavesdrop on a user. They will present these proof-of-concept attacks tomorrow at HotMobile 2010, a conference taking place in Annapolis, MD.

The researchers didn’t exploit any vulnerabilities to get it onto the phone–instead, they pre-installed a rootkit. This is a piece of software that buries itself deep in a device’s operating system, where it can take control of most of the software running on the machine. Though there are some legitimate uses for rootkits, for the most part they’re a particularly nasty type of malware.

The researchers demonstrate their system on the NeoFreeRunner phone, running the open-source software stack OpenMoko. Their attacks used malicious text messages to give instructions to the rootkit. Because the rootkit is able to control so much of the phone’s software, it could hide the text messages from the legitimate user and carry out instructions without interference.

In one attack, the researchers instructed the phone to call a specified number, which might allow them to use the smart phone to listen in on a confidential meeting attended by the legitimate user. They were also able to instruct the phone to report its location to the attacker, and to drain its battery by turning on energy-hogging features without the user’s knowledge.

The Rutgers researchers believe that smart phones will soon need to have tools for detecting rootkits and other malicious software. This could be a challenge, they say, because the algorithms used to search for such software use a lot of processing power and would reduce battery life. So they propose offloading that processing to the service provider, following the model of cloud-based antivirus that has been gaining traction on desktop computers.

Deep Dive

Uncategorized

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

stock art of market data
stock art of market data

Maximize business value with data-driven strategies

Every organization is now collecting data, but few are truly data driven. Here are five ways data can transform your business.

Cryptocurrency fuels new business opportunities

As adoption of digital assets accelerates, companies are investing in innovative products and services.

Mifiprex pill
Mifiprex pill

Where to get abortion pills and how to use them

New US restrictions could turn abortion into do-it-yourself medicine, but there might be legal risks.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.