Researchers at the University of Alabama at Birmingham (UAB) presented the research that it is possible to trigger malware hidden in mobile devices using music, lighting, or vibration.
In a research paper titled "Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices", the researchers reported that they triggered malware hidden in mobile devices using music from 17 meters away in a crowded hallway.
Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices. Presenting their findings at a conference earlier this month, the researchers explained how sensors in ubiquitous mobile devices have opened the door to a new generation of mobile malware that unsuspecting users unwittingly downloaded onto their devices.
Since the trigger needs to be relatively close to the smartphone to active any hidden malware, any threats would be limited to the local environment. "We showed that these sensory channels can be used to send short messages that may eventually be used to trigger a mass-signal attack,"
The researchers found that cameras and microphones were the most effective way to trigger malware, but also noted that a heavy bass pattern could trigger the vibration sensor. They were also successful, at various distances, using music videos; lighting from a television, computer monitor and overhead bulbs; vibrations from a sub woofer; and magnetic fields.
As a possible defense, they suggested that anti-malware software should scan sensor data for signs of any hacks. "We need to create defenses before these attacks become widespread, so it is better that we find out these techniques first and stay one step ahead,".