Fear not – it’s not the end of the
digital world, but rather a what-if scenario to prepare the user for the
next generation of mobile malware that circumvents the limitations of
TCP/IP communications and evades intrusion detection mechanisms.
According to the researchers,
the mobile phone’s sensor peripherals could be used for out-of-band
communication to receive a trigger message that activates dormant bots
on devices within range. Of course, in order for the communication to
succeed, malware needs to be planted in advance via old-fashioned
mechanisms (such as downloading apps via official or unofficial markets,
social engineering attacks or platform exploitation).
“Unlike the traditional command and
control communication over a centralized infrastructure (such as a
cellular network), out-of-band communication is very hard to detect and
even harder to prevent infected mobile bots,” claims the paper.
While the assumptions are interesting,
the researchers left out a serious part of the business: the
communication channel between the bot and the mothership. Modern malware
is highly dependent on two-way communication, so if you’re planning to
actually steal data, you’ll still need to send it via the Internet.
0 comments:
Post a Comment