Share

Related Links

Related Stories

  • ENISA issues ‘golden rules’ for mobile social networking
    Today the European Network and Information Security Agency (ENISA) released a report on social networking via mobile devices. In honor of Safer Internet Day, and in an effort to remain unencumbered by our location here in the US, Infosecurity would like to share ENISA’s tips for more secure navigation of mobile social media.
  • iPhone backup cracker launched
    Moscow-based password cracking software company ElcomSoft has released a password breaker for iPhone backups.
  • Attack fools iPhone into trusting fake certificates
    An anonymous researcher has posted a proof-of-concept attack that fakes a trusted root certificate on the iPhone. Researchers have confirmed that the attack works, making it possible for anyone to create a web page that is deemed to be trusted by Apple.
  • Smartphone security has privacy problems
    WXPI, a Pittsburgh, Pennylvania-based TV station has quietly broken a story which could have profound repercusions on the security of so-called smartphones - mobile phones with computer-like qualities.
  • Infosecurity Europe: President Obama's Blackberry revealed
    The guys on the Blackberry stand at the Infosecurity Europe show weren't willing to talk specifically about it, but it looks like the White House has taken delivery of a custom Blackberry smartphone for President Obama.

Top 5 Stories

News

Rutgers team demonstrates new smart phone security threat

23 February 2010

A team of investigators at Rutgers University has revealed research indicating that smart phones can be compromised by sophisticated rootkits.

Rutgers professors Vinod Ganapathy and Liviu Iftode presented their group’s findings today at the International Workshop on Mobile Computing Systems and Applications (HotMobile 2010) in Annapolis, Md. The group, comprising the two professors and three students, was able to install a rootkit on a smart phone operating system, providing them with the capability to eavesdrop on calls made from the devices.

In addition, the complex malware installed on the smart phone permitted the team to call up the phone’s location by tapping into its GPS application; they were also able to run software on the phone that rapidly drained device’s battery.

The two Rutgers researchers told Infosecurity that smart phones could be infected by a rootkit via the same methods used to compromise other traditional desktop and laptop systems. They said this is because many smart phones are nothing more than portable mini-computers, and these devices are becoming ever-more sophisticated.

“More complex means more vulnerabilities,” said Ganapathy.

The study did not discover flaws in a smart phone operating system, but it did provide proof that rootkits could be deployed on these devices. “We didn’t exploit any flaw in the operating system”, Ganapathy told Infosecurity. “We simply installed the rootkit on the operating system.” However, the researcher does believe that a rootkit could be installed on a smart phone much the same way as on a traditional computer, whether it is via a browser exploit or by visiting sites that load malicious code.

Both Ganpathy and Iftode stressed that vulnerabilities of different smart phone operating systems were not compared in this study. In lieu of commercial smart phones, the group employed devices primarily intended for use by software developers.

“Our intention is to make the [security] community aware of these threats”, said Ganapathy, adding that his group’s future objective will be to research potential defenses to these smart phone security threats, along with the ability to detect them.

This article is featured in:
Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×