Can Clever Hackers Target Smart Phones?

April 2, 2010, National Science Foundation
Smart phones are becoming a common part of everyday life, but the same capabilities that make them so useful offer opportunities for hackers. Credit: Zina Deretsky, National Science Foundation

(PhysOrg.com) -- Smart phones are becoming a common part of everyday life. Millions of Americans are using these powerful devices whose impressive capabilities and features rival that of desktop computers from just a few years ago, including new tools that can help simplify everyday tasks such as finding a parking garage or the nearest drycleaner.

But suppose you're a criminal who wants to surreptitiously monitor someone's every move and even eavesdrop wherever they take their phone? Yes, as it turns out, there's an ap for that, too.

Few smart phone users realize that the same characteristics that make these devices so useful can be can be hijacked and used against them. Recently, two researchers from Rutgers University, Vinod Ganapathy and Liviu Iftode, with support from the National Science Foundation tasked a group of graduate students with an intriguing challenge. Starting with the assumption that they had found a way to hack into a smart phone, the grad students were asked to take a smart phone platform commonly used by and develop malicious applications that a user may not even notice.


Vinod Ganapathy and Liviu Iftode, two researchers from Rutgers University, described the results of their attempts to hack and hijack smart phones in this online media briefing. Credit: National Science Foundation/Rutgers University

The team decided to inject software components known as rootkits into the phone's operating system. Rootkits are a particularly devious threat to a computer, because they attack the operating system itself. Traditional antivirus software, therefore, may not be able to detect them because they don't appear to be stand alone applications or viruses. Most desktop computers are protected from rootkits by something known as virtual machine monitor, but because of their limited size and limited energy resources, smart phones don't deploy these monitors, making it very difficult to know a rootkit attack has taken place.

Once the rootkits were in place, the researchers were able to hijack a smart phone by simply sending it a text message. This allowed them to do things like quietly turn on the device's microphone, enabling them to hear what was going on in the room where the phone had been placed. Another attack trained the phone to use its GPS capabilities to report the phone's exact location without the user's knowledge. By turning on various high-energy functions, the team was even able to rapidly drain the phone's batteries, rendering it useless. The Rutgers team presented the results of their attempts to hack and hijack at the International Workshop on Mobile Computing Systems and Applications (HotMobile 2010).

Ganapathy and Liviu say they haven't been approached by the makers of popular smart phone devices, but hopefully their research will help keep these new devices safe and sound.

Explore further: Researchers show new security threat against 'smart phone' users

Related Stories

New Windows phones won't run current apps

March 5, 2010

(AP) -- Microsoft Corp. has said its new software for smart phones, Windows Phone 7 series, is a "clean break" with the past. Now it's clear just how clean that break is: The new phones, expected late this year, won't run ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

3 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

paulthebassguy
not rated yet Apr 02, 2010
I don't think this article is very useful because I think most people could imagine what hackers would be able to do "IF" they had access to your phone.

Still though, I would like to hear a way to be able to install these rootkits on smartphones without being detected.
warra_warra
not rated yet Apr 03, 2010
I agree with paulthebassguy. Smartphones are essentially handheld computers so anything a virus could do on a PC, it could do on a smart phone. The real question is how they managed to install the root kits without the user willingly allowing this. Apple prides itself by how safe the iphone is in this regard but even on Windows Mobile you are warned if installing unsigned (untrusted) software - unless the user disables that feature of course ...
FrancisR77
1 / 5 (1) Apr 03, 2010
This I think, is an invasion of privacy! BUt all the same, its good we've been informed so we can watch our backs...

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.