Imagine sitting in a café and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop, you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.
Recent research from two universities suggests that such a remote eavesdropping scenario may soon be possible.
According to George Mason University researchers Ryan Farley and Xinyuan Wang, cell phones make excellent surveillance devices for remote snoops. In a paper, Farley and Wang discuss a "modernised mic hijacker" [PDF] that an attacker could control over what they call a "roving bugnet." The eavesdropper would use a piece of malware called a "bugbot" to listen in on in-person interactions via a nearby smartphone or laptop. Such attacks would be more likely to target specific people (a wayward spouse, say) than to play a role in widespread attacks on the general public.
Mobile malware on the rise
Though fewer than 500 pieces of cell phone malware have been written since 2004, researchers have seen an explosion within the past year. Mikko Hyppönen, chief research officer for F-Secure, says that 95 percent of mobile malware was written for the Symbian OS, but that's changing fast due to the success of Apple's iPhone and Google's Android OS.
Given the relative scarcity of mobile malware, Farley and Wang conducted experiments on Windows XP and Mac OS laptops. The researchers directed their bugbot to join an Internet Relay Chat channel so that they could remotely enable and disable each laptop's microphone to stream real-time conversations occurring in the area. The same thing, they said, could be done on almost any smartphone.
Phone users are vulnerable, too
Researchers at Rutgers University, Jeffrey Bickford, Ryan O'Hare, Arati Baliga, Vinod Ganapathy and Liviu Iftode, announced in a 2010 paper that they had successfully demonstrated possible attack methods by creating mobile phone rootkits [PDF], malware that burrows deep into the operating system.
The researchers were able to hit three specific mobile features, attacking the battery (to keep the user from turning on the phone), GPS services (to snag location data) and voice and messaging (to listen to voice messages and retrieve old texts).
If your smartphone were to be infected in any of those ways, you probably wouldn't even notice, even if you're a sophisticated user. Because security software generally sees operating systems as trustworthy, rootkits tucked deep within an OS can go undetected for a long time. In fact, desktop antimalware products have only recently started to scan for rootkits.