The Rutgers' scientists developed a rootkit that affects three distinct parts of a smart phone: the microphone, the GPS and the battery. The rootkit wasn't meant to actually infect commercial phones; it was merely meant to show what was possible and encourage research to combat these threats.
Using the rootkit, the Rutgers scientists could turn on the phone's microphone anytime they wanted, eavesdropping on nearby conversations. The rootkit also sent the phone's location, using the GPS system, back to the scientists, allowing them to track the phone and the person using it anywhere. The researchers also used the rootkit to drain the phone's battery by activating power-hungry hardware like the GPS receiver and the Bluetooth.
Unless the phone's owner is paying special attention to their device, the user is unlikely to realize anything was amiss.
Manipulating these three systems alone can cause considerable damage, but this is just the tip of the iceberg, according to Ganapathy and Iftode.
Rootkits could affect other parts of the phone as well, including the camera, the touchscreen and even programs as seemingly sacrosanct as the number pad. When a person goes to dial, say, Bank of America to check their account balance, a hacker could redirect the phone call to another device, said Iftode. By the end of the conversation, the hacker could walk away with a person's bank account number.