::Trend Micro Threat Resource Center::

28 February 2010

Rootkit-based Exploits Could Eavesdrop Smartphones

Computer scientists at Rutgers University this week are demonstrating ways that rootkits can attack new generations of smart mobile phones. The researchers, who are presenting their findings at a mobile computing workshop in Maryland, are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless — all without the user’s knowledge.

Rootkit attacks on smartphones — or upcoming tablet computers — could be more devastating because smartphone owners tend to carry their phones with them all of the time, the researchers say. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user’s whereabouts by querying the phone’s GPS receiver. Smartphones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message.

In one test, the researchers showed how a rootkit could turn on a phone’s microphone without the owner knowing it happened. In this scenario, an attacker sends an invisible text message to the infected phone, telling it to place a call and turn on the microphone, for example when the phone’s owner is in a meeting and the attacker wants to eavesdrop.

In another test, they demonstrated a rootkit that responds to a text query for the phone’s location as furnished by its GPS receiver. This would enable an attacker to track the owner’s whereabouts.

In a third test, the researchers showed a rootkit turning on power-hungry capabilities — such as the Bluetooth radio and GPS receiver — to quickly drain the battery.

The researchers are careful to note that they did not assess the vulnerability of specific types of smartphones. They did their work on a phone used primarily by software developers rather than by commercial phone users. Working within a legitimate software development environment, they deliberately inserted rootkit malware into the phone to study its potential effects.

The research was supported by the National Science Foundation and the U.S. Army.
