The researchers, who are presenting their findings at a mobile computing workshop in Maryland, are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner's travels, or rapidly drain its battery to render the phone useless -- all without the user's knowledge.
"Smartphones are essentially becoming regular computers," says Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences. "They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by [malware]."
Ganapathy and computer science professor Liviu Iftode worked with three students to study the use of rootkits in smartphone operating systems. They note that while many PCs carry virtual machine monitors to help detect rootkits, most smartphones cannot support a VM monitor.
Rootkit attacks on smartphones -- or upcoming tablet computers -- could be more devastating because smartphone owners tend to carry their phones with them all of the time, the researchers say. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user's whereabouts by querying the phone's GPS receiver. Smartphones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message.
"What we're doing today is raising a warning flag," Iftode says. "We're showing that people with general computer proficiency can create rootkit malware for smartphones. The next step is to work on defenses."
In one test, the researchers showed how a rootkit could turn on a phone's microphone without the owner knowing it happened. In such a case, an attacker would send an invisible text message to the infected phone, telling it to place a call and turn on the microphone, such as when the phone's owner is in a meeting and the attacker wants to eavesdrop.
In another test, they demonstrated a rootkit that responds to a text query for the phone's location as furnished by its GPS receiver. This would enable an attacker to track the owner's whereabouts.
In a third test, the researchers showed a rootkit turning on power-hungry capabilities -- such as the Bluetooth radio and GPS receiver -- to quickly drain the battery.
The researchers are careful to note they did not assess the vulnerability of specific types of smartphones. They did their work on a phone used primarily by software developers versus commercial phone users. Working within a legitimate software development environment, they deliberately inserted rootkit malware into the phone to study its potential effects.
The research was supported by the National Science Foundation and the U.S. Army.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.