A group of university researchers have uncovered a new generation of malware attacks that target mobile hardware.
A study conducted at the University of Alabama Birmingham found that malware samples can be tuned to spread through sensor components in mobile handsets, resulting in fast-spreading infections that can be difficult to detect by conventional means.
According to the researchers, the theoretical new attacks would prey on sensor hardware such as optics, microphones or magnetic field sensors. The malware would then in theory be able to infect other devices in the area through sensor communications.
“These communication channels can be used to quickly reach out to a large number of infected devices, while offering a high degree of undetectability,” the researchers explained.
“In particular, unlike traditional network-based communication, the proposed sensing-enabled channels cannot be detected by monitoring the cellular or wireless communication networks.”
In addition to being difficult to detect, researchers believe that the malware could be used to create local botnets, chaining together multiple devices in a single area such as a sports arena and then using the infected machines to perform distributed-denial-of-service (DDoS) operations.
The researchers also noted that the infected handsets would be particularly prone to targeted attacks and advanced-persistent-threat (APT) operations.
“The malware on the phone can be triggered when the infected phone is inside a driving car; the malware may then interact with the car’s internal network and cause some serious problems. Similarly, malware may get triggered inside a home or company and may then interfere with the home’s wireless security system, perhaps dismantle it.”
The study is not the first to suggest that sensor hardware can be a possible infection vector. In 2012 researcher Charlie Miller found that NFC hardware could be exploited to completely compromise a targeted device.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance