Published October 16, 2008
Some of the most vicious Internet predators are hackers who infect thousands of PCs with special viruses and lash the machines together into "botnets" to pump out spam or attack other computers.
Now security researchers say cell phones, and not just PCs, are the next likely conscripts into the automated armies.
The mobile phone as zombie computer is one possibility envisioned by security researchers from Georgia Tech in a new report coming out Wednesday.
The report identifies the growing power of cell phones to open a new avenue of attack for hackers.
Of particular concern is that as cell phones get more computing power and better Internet connections, hackers can capitalize on vulnerabilities in mobile-phone operating systems or Web applications.
Botnets, or networks of infected or robot PCs, are the weapons of choice when it comes to spam and so-called "denial of service attacks," in which computer servers are overwhelmed with Internet traffic to shut them down.
For example, botnets were used against Estonia's government and financial Web sites in a devastating wave of attacks last year.
Botnets are so troubling because they have massive computing power and a seemingly endless supply of newly infected PCs to replace old ones that are wiped clean or taken offline.
Millions of PC have fallen victim. The owners typically never know.
The Georgia Tech researchers say that if cell phones become absorbed in botnets, new types of moneymaking scams could be born.
For example, infected phones could be programmed to call pay-per-minute 1-900 numbers or to buy ringtones from companies set up by the criminals.
"The question is, can they do it effectively — make a lot of money without much risk?" said botnet expert Joe Stewart, director of malware research with SecureWorks Inc. "And if they can, then they will do it."
The Georgia Tech researchers say a big appeal of cell phones for hackers is that the devices are generally always on, they're sending and receiving more data, and they typically have poor security.
Antivirus software would suck up massive amounts of battery life, which is a killer on a mobile device.
"This is the perfect platform [for hackers]," said Patrick Traynor, an assistant professor of computer science at Georgia Tech and a contributor to its Emerging Cyber Threats Report.
One big hurdle hackers will face is learning how the cellular networks work and adapting their attacks.
Unlike the wide-open world of Internet providers, cell phone operators have tighter control over their networks, which means they could shut down the lines of communication between infected phones much easier.
Traynor noted that researchers have very little hard evidence that hackers are already targeting cell phones. But successfully attacking cell phones requires that people do a lot of Internet browsing and downloading programs onto their phones, and that is just starting to happen now.
"There are some challenges for the adversaries, but we've seen them overcome the challenges in their way before," Traynor said.