[ISN] Researchers Find New Ways To Eavesdrop Via Mobile Devices

From: InfoSec News <alerts_at_private>
Date: Thu, 27 May 2010 03:21:05 -0500 (CDT)
http://www.darkreading.com/vulnerability_management/security/privacy/showArticle.jhtml?articleID=225200320

By Tim Wilson
DarkReading
May 26, 2010

Cell phones and other handheld devices could become a great way to 
listen in on spoken conversations, researchers at George Mason 
University said this week.

In a paper (PDF), researchers Ryan Farley and Xinyuan Wang describe 
several new plays on the concept of "microphone hijacking," which has 
been used for years. The idea is to put spyware on mobile devices -- 
including laptops, cell phones, and PDAs -- that can use their built-in 
microphones to eavesdrop on nearby conversations.

In the past, this eavesdropping has usually been done via the victim's 
own cell phone or other device. But Farley and Wang describe a way to 
bug nearby devices belonging to nearby users to achieve similar results.

Under the researchers' concept, called a "roving bugnet," the 
eavesdropper would use a piece of malware called a "bugbot" to listen in 
on in-person interactions via a nearby smartphone or laptop. Such 
attacks would be more likely to target specific people (such as an 
executive or a spouse) than as a broad attack, the researchers say.

Farley and Wang conducted experiments on Windows XP and Mac OS laptops. 
The researchers directed their bugbot to join an Internet Relay Chat 
channel so they could remotely enable and disable each laptop's 
microphone, streaming real-time conversations nearby. The same thing, 
they said, could be done on almost any smartphone.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Thu May 27 2010 - 01:21:05 PDT

This archive was generated by hypermail 2.2.0 : Thu May 27 2010 - 01:26:24 PDT