A new research shows criminals can soon start using hard-to-detect methods involving lighting or vibration and music to launch malware attacks on mobile devices. The revelation was made in the research prepared by researchers at the University of Alabama at Birmingham (UAB), presented at 8th Association for Computing Machinery (ACM) Symposium on Information, Computer and Communications Security (ASIACCS) in Hangzhou, China.
"When you go to an arena or Starbucks, you don't expect the music to have a hidden message, so this is a big paradigm shift because the public sees only emails and the Internet as vulnerable to malware attacks," said Ragib Hasan, assistant professor of computer and information sciences and director of the UAB SECuRE and Trustworthy (SECRET) computing lab.
"We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that," Hasan said.
The UAB researchers succeeded in triggering malware in mobile devices from 55 feet away in a crowded hallway using music. They also launched malware at various distances using music videos, lighting from TV, computer and overhead bulbs and vibrations from a subwoofer.
"We showed that these sensory channels can be used to send short messages that may eventually be used to trigger a mass-signal attack," said Nitesh Saxena, director of the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group and assistant professor in the Center for Information Assurance and Joint Forensics Research (CIA-JFR).
"While traditional networking communication used to send such triggers can be detected relatively easily, there does not seem to be a good way to detect such covert channels currently," Saxena said.
Researchers succeeded in triggering malware with a bandwidth of only five bits per second - a fraction of the bandwidth that's used by laptops or home computers.
"This kind of attack is sophisticated and difficult to build, but it will become increasingly easier to accomplish in the future as technology improves," said Shams Zawoad, a doctoral student and graduate assistant in the SECRET computing lab.
"We need to create defenses before these attacks become widespread, so it is better that we find out these techniques first and stay one step ahead," Zawoad said.