Your smartphone has a camera, a microphone, and it can connect to the Internet. Does this concern you? If not, consider the news from Rutgers University this week that researchers demonstrated how a software attack could cause a smartphone to eavesdrop on a meeting or track its owner's travels. The attack could also be used to rapidly drain its battery and render the phone useless without the owner being aware of what happened or what caused it.
Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences, explained, "Smart phones are essentially becoming regular computers. They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or 'malware.'"
The Rutgers' researchers focused on "rootkit" attacks, which work at the highest privileged level of the computer and can be difficult to detect, even with anti-virus software. In one example, they demonstrated a rootkit that responded to a text query for the phone's location based on its GPS receiver, allowing it to track the user's movements. In another test, the rootkit was used to turn on a phone's microphone without the user knowing it was on. The attacker sends an invisible text message to the infected phone telling it to place a call and turn on the microphone.
Rutgers' researchers noted they did not assess the vulnerability of specific types of smartphones. The work was done on a phone used primarily for software development rather than commercial users. They did not find a vulnerability that a real malware attacker would be able to exploit.
