Malware plaguing mobile devices are a growing concern, and some researchers have made an even worrying revelation. They have found that criminals may get down to using methods involving music, lighting or vibration to trigger malware on mobile devices.
These researchers, one of whom is of Indian-origin, belong to the University of Alabama at Birmingham (UAB). The UAB researchers were able to trigger malware hidden in mobile devices from 55 feet away in a crowded hallway using music. They also managed successfully, at various distances, using music videos; lighting from a TV, computer monitor and overhead bulbs; vibrations from a subwoofer; and magnetic fields.
Music can trigger malware in mobile devices (Image credit: Getty Images)
Reports further quoted Ragib Hasan, assistant professor of computer and information sciences and director of the UAB SECuRE and Trustworthy (SECRET) computing lab as saying, “When you go to an arena or Starbucks, you don't expect the music to have a hidden message, so this is a big paradigm shift because the public sees only emails and the internet as vulnerable to malware attacks.” Hassan added, “We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that.”
Nitesh Saxena, director of the UAB security and privacy in emerging computing and networking Systems research group and assistant professor in the center for information assurance and joint forensics research said, “We showed that these sensory channels can be used to send short messages that may eventually be used to trigger a mass-signal attack.”
Interestingly, the researchers could trigger malware with a bandwidth of only 5 bits per second.
Saxena added, “While traditional networking communication used to send such triggers can be detected relatively easily, there does not seem to be a good way to detect such covert channels currently.”
The researchers presented their findings at the 8th Association for Computing Machinery (ACM) Symposium on Information, Computer and Communications Security in Hangzhou, China.
Publish date: May 28, 2013 11:24 am| Modified date: December 19, 2013 11:44 am