Industry News

Smartphone Sensors Could be Used to Activate Malware, Research Shows

Mobile phone sensors such as microphones, accelerometers and cameras might be used to initiate a malware outbreak on smartphones, according to researchers at the University of Alabama at Birmingham.

Fear not – it’s not the end of the digital world, but rather a what-if scenario to prepare the user for the next generation of mobile malware that circumvents the limitations of TCP/IP communications and evades intrusion detection mechanisms.

According to the researchers, the mobile phone’s sensor peripherals could be used for out-of-band communication to receive a trigger message that activates dormant bots on devices within range. Of course, in order for the communication to succeed, malware needs to be planted in advance via old-fashioned mechanisms (such as downloading apps via official or unofficial markets, social engineering attacks or platform exploitation).

“Unlike the traditional command and control communication over a centralized infrastructure (such as a cellular network), out-of-band communication is very hard to detect and even harder to prevent infected mobile bots,” claims the paper.

While the assumptions are interesting, the researchers left out a serious part of the business: the communication channel between the bot and the mothership. Modern malware is highly dependent on two-way communication, so if you’re planning to actually steal data, you’ll still need to send it via the Internet.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

1 Comment

Click here to post a comment
  • It leaves out another aspect. Part of the reason that the internet works so well for spreading viruses and such is that it’s so reliable and works exactly the same on every device. Each device handles other types of communication differently, and so a virus would probably only spread between identical/similar devices. For example, on my Android devices, the bluetooth stack is entirely different between my S3 and my Nexus 7 and 10. Bugs and security holes present on my Nexuses may not exist on my S3, making it immune to many of the hacks that work on a Nexus, and vice versa.