Share

Related Links

Top 5 Stories

News

Rutgers team demonstrates new smart phone security threat

23 February 2010

A team of investigators at Rutgers University has revealed research indicating that smart phones can be compromised by sophisticated rootkits.

Rutgers professors Vinod Ganapathy and Liviu Iftode presented their group’s findings today at the International Workshop on Mobile Computing Systems and Applications (HotMobile 2010) in Annapolis, Md. The group, comprising the two professors and three students, was able to install a rootkit on a smart phone operating system, providing them with the capability to eavesdrop on calls made from the devices.

In addition, the complex malware installed on the smart phone permitted the team to call up the phone’s location by tapping into its GPS application; they were also able to run software on the phone that rapidly drained device’s battery.

The two Rutgers researchers told Infosecurity that smart phones could be infected by a rootkit via the same methods used to compromise other traditional desktop and laptop systems. They said this is because many smart phones are nothing more than portable mini-computers, and these devices are becoming ever-more sophisticated.

“More complex means more vulnerabilities,” said Ganapathy.

The study did not discover flaws in a smart phone operating system, but it did provide proof that rootkits could be deployed on these devices. “We didn’t exploit any flaw in the operating system”, Ganapathy told Infosecurity. “We simply installed the rootkit on the operating system.” However, the researcher does believe that a rootkit could be installed on a smart phone much the same way as on a traditional computer, whether it is via a browser exploit or by visiting sites that load malicious code.

Both Ganpathy and Iftode stressed that vulnerabilities of different smart phone operating systems were not compared in this study. In lieu of commercial smart phones, the group employed devices primarily intended for use by software developers.

“Our intention is to make the [security] community aware of these threats”, said Ganapathy, adding that his group’s future objective will be to research potential defenses to these smart phone security threats, along with the ability to detect them.

This article is featured in:
Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×