iPad and smartphone rootkits demo'd by boffins

Cracking into the ultimate spy device - in your pocket


Computing boffins say they have demonstrated rootkits which can be used to turn your smartphone or "upcoming tablet computer" into a remotely-activated bugging or tracking system.

“Smart phones are essentially becoming regular computers,” says Vinod Ganapathy, computing prof at Rutgers uni in New Jersey. “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malware.”

Ganapathy and his colleagues developed various rootkits for demonstration purposes, choosing that class of malware because - they say - virtual machine monitors necessary to detect rootkits can't yet be run on portable devices.

According to the boffins:

Rootkit attacks on smart phones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user’s whereabouts by querying the phone’s Global Positioning System (GPS) receiver. Smart phones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message.

“What we’re doing today is raising a warning flag,” said Ganapathy's fellow-prof Liviu Iftode. “We’re showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defenses.”

The researchers demonstrated means whereby a badhat could send an invisible text message to an undetectably-rootkitted phone, causing it to place a call out - for instance during a meeting - and so allow the malware operator to listen in to conversations around it. Likewise it was possible to query the phone's GPS so as to locate or track its owner.

It was also possible to remotely switch on multiple power-hog capabilities of the phone - for instance WiFi, GPS and Bluetooth all at once - and so drain its battery without the owner noticing.


Other stories you might like

  • Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open
    No, you're not really gonna be hacked. But you may be surprised

    Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week.

    While pretty much no one is going to utilize the study's findings to attack Apple users in any meaningful way, and only the most high-profile targets may find themselves troubled by all this, it at least provides some insight into what exactly your iOS handheld is up to when it's seemingly off or asleep. Or none of this is news to you. We'll see.

    According to the research, an Apple iPhone that goes asleep into low-power mode or is turned off isn't necessarily protected against surveillance. That's because some parts of it are still operating at low power.

    Continue reading
  • China will produce one in five of the chips it uses in 2026, says analyst
    Well short of planned 70 percent domestic capacity

    China’s integrated circuit (IC) production has failed to keep pace with its appetite for silicon, with market research firm IC Insights predcicting the nation will produce only one in five ICs it uses in 2026.

    That figure is a increase from 2021's one in six, and reflects eight percent compound annual growth rate from 2021 to 2026. But it means China will miss its own targets for locally-made-and-consumed silicon.

    “Although China has been the largest consuming country for ICs since 2005, it does not necessarily mean that large increases in IC production within China would immediately follow, or ever follow” said the firm in a bulletin on Wednesday.

    Continue reading
  • Tencent happily parting ways with loss-making cloud customers
    Cutting costs across sprawling business as COVID makes life hard in China

    Chinese tech giant Tencent has recorded its first ever quarter-to-quarter revenue fall, warned that COVID-19 lockdowns will hurt messing with its business, and cautioned against assumptions that Beijing is ready to enthusiastically support tech companies.

    On its Q1 2022 earnings call yesterday, the company offered more explanation of its shifting cloud strategy.

    Chief strategy officer James Mitchell told investors the company is pleased to have shown loss-making cloud customers the door, and “proactively scaled back … deeply discounted infrastructure-only contracts for basic services such as cloud compute and content delivery network.” Projects that had high costs and/or relied on sub-contractors have also been scaled back.

    Continue reading

Biting the hand that feeds IT © 1998–2022