Hacked smartphones pose military threat

Malicious software that commandeers phone functions could give wartime enemies valuable information about troop locations and movements

Hacked smartphones could endanger troops by sending location data to the enemy using mechanisms similar to those employed by recently discovered Android malware, experts say.

Malicious software that commandeers phone functions could give wartime enemies valuable information about troop locations and movements, according to Hugh Thompson, a software security professor at Columbia University and conference chairman for the RSA Confernece, and Markus Jakobsson, who works on the PayPal online security and malware strategy team.

"Even normal apps can send a lot of information back home," Thompson says, and individual users are generally ill equipped to determine whether these apps represent security risks.

Jacobsson says he has discussed the problem with the Defense Advanced Research Projects Agency (DARPA). In fact, DARPA brought it up. "I would say the military are aware of it but not very comfortable with it," he says.

Top 5 DARPA technology projects of 2010

Misuse of legitimate phone features can be dangerous, he says. For example, troops who send photos they've taken on their cell phones may not realize the phones embed GPS data giving out the longitude and latitude of where it was taken. Such photos intercepted by enemies or sent to them covertly by malware on the phone could reveal troop locations, he says.

In the case of the Android malware discovered in Russia, it sends SMS messages to a destination that charges the phone account $5, but that type of unauthorized activity could be sending critical information about troop locations, Jakobsson says. (Also see: Smartphone security thwarted by fingerprint smudges.)

For instance, malware that sent out geolocation data every half hour could potentially reveal troop movements, he says. Even timestamps on photos could be somewhat revealing. Time of day combined with lighting in outdoor conditions could reveal something about where in the world the camera was when it took the photo, he says.

These leaks could be enhanced by malware infecting phones, and such software could be deposited there via applications users buy and approve of. Whenever someone buys a smartphone app, the processes it requires access to are listed and the buyer has to OK the list. But that's not a question most users are qualified to answer. "It's difficult enough to use computers," Jakobsson says. "It's not a good question to ask them and we shouldn't ask them to answer it."

Instead, he proposes safety applications that monitor what processes are in use and that trigger pop-ups that warn users when something suspicious is going on. Such software could have a soldier setting that would block phone activity that poses potential threats in a military zone, he says.

Via his company FatSkunk, he proposes software for handsets that periodically detects active malware. If deployed on troops' phones it could trigger warnings and infected phones could be brought to facilities for cleaning.

Adrian Perrig, a professor at Carnegie Mellon University, is working on a similar product that works slightly differently, but the goal is the same. He is exploring use of software that creates a trusted isolated environment into which authorized phone software can be launched and patched to protect it from malware. This safe zone is called a Dynamic Root of Trust, he says.

Perrig is also looking at hardware-based checks of whether a phone's authorized configuration has been tampered with. This could be done with a separate trusted device, but chips with hardware security built in are available from ARM that would allow this check to be done by the phone itself.

"All phones offer a lot of opportunity for observing what the operator is doing -- e-mail, GPS, finding restaurants," Perrig says. Malware can turn phone microphones on or snap photos surreptitiously, he says.

As personal devices are used more and more outside personal settings, this issue will become more important, and not just in war zones, Thompson says. "It's a business and military issue," he says.

Read more about wide area network in Network World's Wide Area Network section.

Join the PC World newsletter!

Error: Please check your email address.

Tags consumer electronicsNetworkingsecurityHacked smartphonessmartphonesPhoneswirelesspaypalanti-malware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?