Skip to Content

Preventing Smart-Phone Armageddon

If hackers got access to enough smart phones, they could paralyze wireless communications.
September 8, 2010

In 2009, Scott Totzke, vice president of security at Research in Motion – maker of the BlackBerry smartphone – told Reuters that his nightmare scenario was a type of attack in which a sufficient number of smart phones in a given area were compromised in a way that they would send so much data through a local cell phone network that normal cell phone service would effectively be knocked out.

Now researchers are working on a way to prevent the kind of malicious access that would allow such an attack. The bad news is it’s nowhere near being implemented yet, leaving many smartphones vulnerable to being compromised and exploited.

To understand the attack, which is the cell-phone equivalent of what’s known as a Distributed Denial of Service (DDoS) attack, it helps to understand that something like it has happened before – on 9/11. On that day a phenomenon common to many natural disasters and large-scale emergencies occurred: everyone tried to call out from or into the Manhattan cell phone network at once, overloading the network and making it almost impossible for calls to get through.

In a smartphone DDoS attack, hackers would have to get access to a sufficient number of phones in the same area, and then, all at once, get them to start pushing as much data through the network as possible. When this happens on the Internet, with conventional PCs and routers, it can bring a targeted Web site to its knees, making it impossible for anyone to access it.

Even if an attack of this kind never happens – fortunately it’s unlikely, given its scale and the still limited reach of smartphone viruses, trojan horses and rootkits – the growing ubiquity of smartphones, along with the sensitive information they carry, makes it likely that exploits for these phones will continue to proliferate. That could be more than just a route to identity theft - rogue software could also slow the cell phone networks in general.

The solution, proposes a pair of researchers at the University of Colorado at Boulder, is to devise an effective way to check smartphones for viruses. It sounds simple, but the problem is that smartphones don’t have the battery life to be constantly running onboard virus-scanning software. So Bryan Dixon and Shivakant Mishra propose running the virus scans on the PC to which smartphones are so often connected.

In this way, the smartphone could send over hashes of all the files on the phone - hashes are small representations of large files - and the PC could use this information to determine which files have changed since the last time the phone was connected, scanning only those files in order to save time.

The researchers admit that their strategy wouldn’t be able to defeat a rootkit (software that gives a malicious hacker total control of the phone and to some extent replaces its operating system), but they argue there are also potentially strategies for determining whether a phone has been compromised in this way. These strategies include, for example, timing how long the phone takes to respond to certain challenges - a rootkit might be able to provide the right answer, but it wouldn’t be as quick at doing the calculations as the phone’s native OS.

Smartphones are now computers, which means that they are vulnerable to the same kinds of exploits as computers. While Apple and RIM have created walled gardens for their software to minimize the access points for malicious software, the Android market does not - it’s basically a ratings and trust-based system. In addition, with cell phones, in some sense the stakes are higher: because bandwidth on wireless networks is at such a premium, if there were as many smart phones enlisted in the ranks of the world’s hacker-controlled zombie computers as there are PCs, it would almost certainly affect network performance, making the wireless Web that much more difficult for everyone to access.

Follow Mims on Twitter or contact him via email.

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.