Malicious software can now invade new generations of smart mobile phones, potentially with more serious consequences, says an Indian American computer scientist.
“Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science at the Rutgers University' School of Arts and Sciences.
Ganapathy, who did his B.Tech. in Computer Science and Engineering from IIT Bombay in 2001, said: “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or malware.”
Researchers, led by Ganapathy and Liviu Iftode, Rutgers' professor, demonstrated how such a software attack could cause a smart phone to eavesdrop on a meeting, track its owner's travels, or rapidly drain its battery to render the phone useless.
These actions could happen without the owner being aware of what happened or what caused them. Smart phones are cellular phones that also offer Internet accessibility, SMS and e-mail capabilities and a variety of programmes commonly called “apps” or applications.
Ganapathy and Iftode worked with three students to study a nefarious type of malware known as “rootkits”. Unlike viruses, rootkits attack the heart of a computer's software – its operating system.
They can only be detected from outside a corrupted operating system with a specialised tool known as a virtual machine monitor, which can examine every system operation and data structure.
Virtual machine monitors exist for desktop computers, but in current form, they demand more processing resources and energy than a portable phone can support.
Rootkit attacks on smart phones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time.
This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user's whereabouts by querying the phone's Global Positioning System (GPS) receiver.
Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message, says a Rutgers' release.
“What we're doing today is raising a warning flag,” Iftode said. “We're showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defences.”
These findings are being presented at a mobile computing workshop this week in Maryland.