Mobile phone sensors such as microphones, accelerometers and cameras might be used to initiate a malware outbreak on smartphones, according to researchers at the University of Alabama at Birmingham.
Fear not – it’s not the end of the digital world, but rather a what-if scenario to prepare the user for the next generation of mobile malware that circumvents the limitations of TCP/IP communications and evades intrusion detection mechanisms.
According to the researchers, the mobile phone’s sensor peripherals could be used for out-of-band communication to receive a trigger message that activates dormant bots on devices within range. Of course, in order for the communication to succeed, malware needs to be planted in advance via old-fashioned mechanisms (such as downloading apps via official or unofficial markets, social engineering attacks or platform exploitation).
“Unlike the traditional command and control communication over a centralized infrastructure (such as a cellular network), out-of-band communication is very hard to detect and even harder to prevent infected mobile bots,†claims the paper.
While the assumptions are interesting, the researchers left out a serious part of the business: the communication channel between the bot and the mothership. Modern malware is highly dependent on two-way communication, so if you’re planning to actually steal data, you’ll still need to send it via the Internet.
It leaves out another aspect. Part of the reason that the internet works so well for spreading viruses and such is that it’s so reliable and works exactly the same on every device. Each device handles other types of communication differently, and so a virus would probably only spread between identical/similar devices. For example, on my Android devices, the bluetooth stack is entirely different between my S3 and my Nexus 7 and 10. Bugs and security holes present on my Nexuses may not exist on my S3, making it immune to many of the hacks that work on a Nexus, and vice versa.