Cellular PDAs with RATs in the datawalls.

24 July 2007

RATs meaning remote access tools, that is. Malware that conceals itself in a system and lets someone on the outside with the right application and credentials connect and manipulate the system remotely. The classic such utility, Back Orifice by the Cult of the Dead Cow, was probably the first of its kind that let you do such things as mess with the mouse cursor and typed text, flip the display upside down, access the webcam, and open or close the CD-ROM.

It seems that combination cellphone/PDAs are now advanced enough to be targeted. Nowadays many cellphones have digital cameras built into them, as well as general purpose RAM and storage, microphones for speakerphones, and at least one form of networking capability (sometimes more - Bluetooth and Wi-Fi are increasingly common on lower-end phones these days). Also, a great deal of information is actually stored locally, so the contents of a phone falling into the wrong hands could be disastrous (remember what happened to Paris Hilton back in 2005?), because everything from stored passwords (you do encrypt, right?) to contact information to cached text messages and e-mails is stored in the unit. As if that weren't enough, GPS units are now being built into phones; incidentally, I use the one built into my own along with a portable version of Google Maps to navigate, so the technology is certainly feasible. Feasible enough to abuse, I should think.

Word's been going around for a couple of months now that there are people being stalked through their cellphones. They're getting text messages from Someone Out There with near-realtime images captured from the cameras. Text messages are being sent from their phones without their knowledge. Audio recordings were played back of not only their voicemail but things that went on around them, because someone silently turned on the speakerphone to use it as a bug. It would be possible for an attacker to go through the datastore of the phone to see who called whom in which direction and pull stored contact information, too, because that's kept in the phone as well as with the cellular provider.

The hell of it is, there are applications on the market that already do a few of these things. If you added them together, they could theoretically replicate all of these unusual happenings. However, all it would really take is a small number of people (one person, really) with a development kit for a particular phone or embedded operating system used in cellphones to write a single application that does all of these things, and potentially more. The trick then is actually infecting a phone: either someone would have to get hold of your phone to install a new application on the sly, or the user of the phone would have to be tricked into downloading and installing malware. It would be far easier, however, to get cellphone users to browse a malicious website or open a text message that exploits a bug in the phone's software.

It's not so far-fetched - the Apple iPhone very well might have such a bug.

As always everyone, forewarned is unflatlined. Be careful out there.