Cafe, Mall Music Could Trigger Malware
That Goyte song you’ve heard a thousand times while waiting in line at Starbucks for your venti soy latte? Turns out it could trigger malware on your phone.
Researchers at the University of Alabama Birmingham (UAB) have discovered inconspicuous ways for hackers to gain access to mobile device malware simply by using music, lighting or vibration.
In a collaboration between the UAB SECuRE and Trustworthy (SECRET) computing lab and the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group, a team was able to trigger malware hidden in mobile devices from 55 feet away in a crowded hallway by using music.
Researchers also reported using music videos, subwoofer vibrations, magnetic fields and the light from a television, computer monitor and light bulbs to successfully trigger malware. And they did so with a bandwidth of only five bits per second — fraction of what laptop and home PCs use.
“We showed that these sensory channels can be used to send short messages that may eventually be used to trigger a mass-signal attack,” Nitesh Saxena, director of the SPIES research group, said in a press release. “While traditional networking communication used to send such triggers can be detected relatively easily, there does not seem to be a good way to detect such covert channels currently.”
While the public stimuli wouldn’t install the malware, the fact that our mobile devices are always on, feeling around with audio and visual sensors, leaves them vulnerable. Especially if malware has been previously installed.
“When you go to an arena or Starbucks, you don’t expect the music to have a hidden message, so this is a big paradigm shift because the public sees only emails and the Internet as vulnerable to malware attacks,” said Ragib Hasan, assistant professor of computer and information sciences and director of the SECRET computing lab. “We devote a lot of our efforts towards securing traditional communication channels. But when bad guys use such hidden and unexpected methods to communicate, it is difficult if not impossible to detect that.”