As smartphones become more powerful, they become susceptible to even more sophisticated attacks from hackers. Researchers at Rutgers University in New Jersey recently used a special kind of malicious software, or ‘malware,’ called a rootkit to demonstrate just how vulnerable smartphones are.
Rootkits are not a new phenomenon. They have been used for two decades to infiltrate various kinds of computers. “The point of this work is not to demonstrate a new kind of rootkit but to show the greater damage they can cause on smart phones,” study team member Liviu Iftode, professor of computer science at Rutgers, told ‘TechNewsDaily’ .
Today’s smartphones are really just mobile computers. Many of them run the same class of operating systems as desktop and laptop computers, and as a result are just as vulnerable to malware attacks, the researches say. They add, vulnerabilities in smartphones are even more dangerous because people carry them around at all times, making it easier for attackers to eavesdrop, track locations or even collect personal information . Also, features such as Bluetooth receivers and text messaging make it easier to deliver rootkits to phones.
Iftode and his colleagues recently demonstrated different kinds of rootkit attacks. For instance, the microphone on a smartphone can be turned on remotely using rootkits, allowing someone to listen in on anything going on around the owner. Another attack uses a common smartphone feature: GPS receivers . A simple text message allowed researchers to track the location and activity of the owner.
Finally, the team used another exploit to turn on all power-hungry applications and features in order to run down the battery quickly, leaving the phone inoperable. The researchers say their intent is not to just scare people, but to inspire action. “What we’re doing is raising a warning flag,” Iftode said. “We’re showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defenses.”
The team used an open-source smartphone called the ‘Openmoko FreeRunner ’ running Linux software, but they emphasised that with enough time and effort, any smartphone operating system can be attacked with malware.
The Rutgers team plans to use their results to inspire developers to create new ways to detect attacks on smartphones . “It turns out that solutions that can be used to detect rootkits on a computer environment require modifications to make them applicable to smart phones,” said Vinod Ganapathy, assistant professor at Rutgers.