Mobile phone sensors such as microphones, accelerometers and cameras might be used to initiate a malware outbreak on smartphones, according to researchers at the University of Alabama at Birmingham.
Fear not – itâ€™s not the end of the digital world, but rather a what-if scenario to prepare the user for the next generation of mobile malware that circumvents the limitations of TCP/IP communications and evades intrusion detection mechanisms.
According to the researchers, the mobile phoneâ€™s sensor peripherals could be used for out-of-band communication to receive a trigger message that activates dormant bots on devices within range. Of course, in order for the communication to succeed, malware needs to be planted in advance via old-fashioned mechanisms (such as downloading apps via official or unofficial markets, social engineering attacks or platform exploitation).
â€œUnlike the traditional command and control communication over a centralized infrastructure (such as a cellular network), out-of-band communication is very hard to detect and even harder to prevent infected mobile bots,â€ claims the paper.
While the assumptions are interesting, the researchers left out a serious part of the business: the communication channel between the bot and the mothership. Modern malware is highly dependent on two-way communication, so if youâ€™re planning to actually steal data, youâ€™ll still need to send it via the Internet.