If you are feeling safe and secure using your cellphone in public, some research out of the University of Alabama will shatter that confidence for you. It seems that it is possible to use sound as a trigger to activate malware from a distance, even over low quality speakers. You already know about Shazam and other apps you can use to identify songs simply by holding up your cellphone and have it successfully connect to a remote database to get the song data, even in a loud room. This research shows that a previously infected phone could have dormant malware installed which can be remotely activated simply by music with a hidden message contained within it, inaudible to human ears. Pair this with the known Autoconnect to Saved WiFi Profiles vulnerability and your phone could very easily start leaking information you would much rather keep private. Follow the links from The Register to read the research paper and reactions to it.
"Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale.
The paper, titled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices, was presented in the eastern Chinese city of Hangzhou earlier this month by researchers at the University of Alabama at Birmingham (UAB)."
Here is some more Tech News from around the web:
- Nvidia's Geforce GTX 770 comes close to the Radeon HD 7970 GHz Edition @ The Inquirer
- Intel nabs mobile GPS business of moribund ST-Ericsson @ The Register
- Apple reportedly to release 2 new iPhones in 3Q13 @ DigiTimes
- Mediatek releases quad-core 1.5GHz ARM Cortex A7 chip for tablets @ The Inquirer