- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
NetworkWorld.com - A Tacoma, Wash., family claims the cell phones it uses have been taken over by hackers, who are turning them on at will, capturing conversations and manipulating the cell phone camera.
The story of the Kuykendall family, as reported in the Tacoma News Tribune last week, seems an unlikely one. They believe their cell phones, as well as those owned by other families, have been taken over and the cell-phones' cameras mysteriously turn on and off. While the mystery of the Kuykendall family’s cell-phone experience hasn't been fully explained, people are wondering whether such an event is even possible. Security experts say yes — but it's still in the realm of the unlikely.
Security experts from IBM, McAfee and Symantec agree that virtually any type of cell phone can be broken into and maliciously controlled, though that takes a high degree of sophistication.
“It’s definitely possible, but still something that is limited to a very sophisticated attacker,” says Neel Mehta, team lead in the advanced research group at IBM’s Internet Security Systems Division.
Mehta says malicious code to take over the phone could be sent to the intended victim in the guise of a picture or audio clip. Once the victim clicked on it, the malware would be installed. Many in the industry refer to this as “snoopware.”
A cell-phone hijacking that enables the attacker to manipulate the microphone and camera remains “a very rare occurrence in the field,” says Paul Miller, managing director of mobile security at Symantec.
However, Miller notes that J2EE-styled malware is known to exist, for example, the “Red Browser” for sending Short Message Service messages, which is believed to have originated in Russia. Such malware typically has been used to defraud the victim, particularly in Europe. The number of viruses targeting smart phones and feature-based cell phones remains low, in the mobile realm, roughly one for every 500 viruses targeting PCs, he adds.
There are "spouse-monitoring tools” that can be obtained on the Internet to snoop on phone use, and some pure hacker varieties of this are starting to appear as well, Miller adds.
McAfee agrees that hijacking of cell phones -- whether feature-added voice phones with cameras or the newer breed of computer-based smart phones -- can happen, but appears to be a rare occurrence.
“People aren’t expecting any trouble with mobile phones and in general, it’s been a safe tool,” says Jan Volzke, senior manager in mobile security at McAfee. But having your cell phone hacked “is possible, though unlikely.”
The ways this might be done would depend on someone gaining physical access to the cell phone and deliberately tampering with it, or possibly tricking the cell phone user into downloading malicious software through Bluetooth infrared or by other means, Volzke says.
Once installed, that Trojan, acting like a small application, would let the attacker remotely control the phone and its features, such as cameras and microphones.
This kind of attack remains highly unusual, Volzke adds, and probably would target the individual using the cell phone rather than an entire cell-phone population base.