Smartphone rootkit alert shows nothing new

Recent demo of smartphone rootkit attack, which can facilitate eavesdropping and drain battery power, is "rehash" of something old, Sophos analysts say.
Written by Vivian Yeo, Contributor

New research by a group of U.S. computer scientists demonstrating that smartphones, like their PC counterparts, are susceptible to rootkits is nothing new, Sophos experts claim.

In a presentation this week at the HotMobile 2010 mobile computing conference, Vinod Ganapathy, assistant professor of computer science in Rutgers' School of Arts and Sciences, along with another professor and three students, showed how the rootkit attack could be deployed on a smartphone to eavesdrop on a meeting, track its owner's movements, or rapidly drain the battery to render the device useless--all without the knowledge of the handset owner.

A statement on the Web site of Rutgers, which is located in New Jersey, added that rootkits attack a computer's operating system, and can only be detected with a specialized tool known as a virtual machine monitor. According to the university, such monitors demand more processing resources and battery power than a portable phone can currently support.

Responding to queries from ZDNet Asia, Ganapathy noted that following the presentation, the team had been contacted by "a couple of antivirus companies showing interest in the work".

Mobile spyware not new
Executives from Sophos, however, have dismissed the new research, describing it as "simply rehashing something old in mobile phone insecurity".

Paul Ducklin, the security vendor's Asia-Pacific head of technology, told ZDNet Asia that the Rutgers computer scientists essentially wrote a spyware application, allowed the software to be installed on a phone and then recorded the application in action on video.

"We know mobile phone spyware is possible because it already exists," Ducklin said in an e-mail interview. "There are even commercial mobile spyware products one can buy, for example, to keep tabs on your children--though, of course, these can be used for other much less worthy purposes."

In a blog post on Tuesday, Graham Cluley, senior technology consultant at Sophos, said the rootkit is not a significant concern at the moment.

One reason was that for the scenarios highlighted by Rutgers to happen, the phone must allow changes to be made "to its low-level software", Cluley explained. "Popular smartphones like the Apple iPhone lock down that kind of meddling to a great extent."

He noted that, compared with Windows-based PCs, there were also fewer opportunities for mobile phones to be infected. A typical mobile phone user is also less likely than a Windows user to install applications, he added, further reducing the chances of mobile users being fooled into installing an infected application.

Security vendors have warned of escalating mobile malware, though threats so far have been limited to specific mobile operating systems such as Symbian or the iPhone.

PC malware has not been known to spill over to the mobile platform, although a proof-of-concept known as "crossover" was identified in 2006.
