Technology Review - Published By MIT
Technology Review  in U.S. | en Español | auf Deutsch | in Italiano | 中文 | in India
Advertisement

TR Editors' blog

Insights, opinions, and our editors' analysis of the latest in emerging technologies.

Blog Topics

Recent Posts

Recent Comments

  • ... : Just sayin'. Related: News outlets use the same technique to create value-free "content" to match...
  • Phineas : your advice is that I put up a blog claiming the outcome of Charles B Rangel's ethics hearing and...
  • mattgroom : While we may not be able to transport the extra energy in our current wiring...why bother...  Use...
  • wctopp : You can now legally "jailbreak" an iPhone and use it on another network.  You cannot, however,...
  • luddite : Yes it makes perfect sense does'nt it. A company spends an inordinate amount of money developing...

Top Stories Of The Day

Advertisement
Monday, February 22, 2010

Predicting Smart Phone Attacks

Researchers perform spying and other tricks.
By Erica Naone

Though malware is not yet common on mobile phones, experts are taking a hard look at how it could appear down the road, hoping to find solutions before real attacks emerge.

Researchers from Rutgers University recently identified a series of possible attacks on smart phones, including one that would grant the attacker the ability to eavesdrop on a user. They will present these proof-of-concept attacks tomorrow at HotMobile 2010, a conference taking place in Annapolis, MD.

The researchers didn't exploit any vulnerabilities to get it onto the phone--instead, they pre-installed a rootkit. This is a piece of software that buries itself deep in a device's operating system, where it can take control of most of the software running on the machine. Though there are some legitimate uses for rootkits, for the most part they're a particularly nasty type of malware.

The researchers demonstrate their system on the NeoFreeRunner phone, running the open-source software stack OpenMoko. Their attacks used malicious text messages to give instructions to the rootkit. Because the rootkit is able to control so much of the phone's software, it could hide the text messages from the legitimate user and carry out instructions without interference.

In one attack, the researchers instructed the phone to call a specified number, which might allow them to use the smart phone to listen in on a confidential meeting attended by the legitimate user. They were also able to instruct the phone to report its location to the attacker, and to drain its battery by turning on energy-hogging features without the user's knowledge.

The Rutgers researchers believe that smart phones will soon need to have tools for detecting rootkits and other malicious software. This could be a challenge, they say, because the algorithms used to search for such software use a lot of processing power and would reduce battery life. So they propose offloading that processing to the service provider, following the model of cloud-based antivirus that has been gaining traction on desktop computers.

Tags: security, mobile phones, antivirus software, mobile security, smart phone, rootkits

Comments
Reply

« Previous Post

Next Post »

Computing
Web
Communications
Energy
Materials
Biomedicine
Business
Today's Stories

Log In

Advertisement
Advertisement
MIT Massachusetts Institute of Technology CyberMedia © 2010 Technology Review. All Rights Reserved.