Channels ▼
RSS

Mobile

Hacking Smart Phones


Suppose you're a criminal who wants to surreptitiously monitor someone's every move and even eavesdrop wherever they take their phone? As it turns out, there's an app for that!

Few smart phone users realize that the same characteristics that make these devices so useful can be can be hijacked and used against them. Recently, two researchers from Rutgers University, Vinod Ganapathy and Liviu Iftode, with support from the National Science Foundation tasked a group of graduate students with an intriguing challenge. Starting with the assumption that they had found a way to hack into a smart phone, the grad students were asked to take a smart phone platform commonly used by software developers and develop malicious applications that a user may not even notice.

The team decided to inject rootkits into the phone's operating system. Rootkits are a particularly devious threat to a computer, because they attack the operating system itself. Traditional antivirus software, therefore, may not be able to detect them because they don't appear to be standalone applications or viruses. Most desktop computers are protected from rootkits by virtual machine monitors, but because of their limited size and limited energy resources, smart phones don't deploy VMMs, making it very difficult to know a rootkit attack has taken place.

Once the rootkits were in place, the researchers were able to hijack a smart phone by simply sending it a text message. This allowed them to do things like quietly turn on the device's microphone, enabling them to hear what was going on in the room where the phone had been placed. Another attack trained the phone to use its GPS capabilities to report the phone's exact location without the user's knowledge. By turning on various high-energy functions, the team was even able to rapidly drain the phone's batteries, rendering it useless.

The Rutgers team presented the results of their attempts to hack and hijack smart phones at the International Workshop on Mobile Computing Systems and Applications (HotMobile 2010).

Ganapathy and Liviu say they haven't been approached by the makers of popular smart phone devices, but hopefully their research will help keep these new devices safe and sound.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video