Georgia Tech to Lead Fight Against Cell Phone Hackers

Read Comments
Print Article
Email Article
Larger
Smaller
Updated 7/14/2009 9:44:11 AM

Ben Mayer

ATLANTA -- If you look past the clutter-the unused computers, the blank monitors, the utility shelves, the brown boxes stacked in the corner, you can see a nerve center for a war against hackers.

"This is where a row of flatscreen panels will go and we'll have a glass wall here," Jon Giffin said. "We're actually going to carve out a part of this lab and put in monitoring systems that will let us understand the security state of the internet worldwide." Giffin is an assistant professor at Georgia Tech's Institute of Computer Science and he's proudly displaying what will eventually be an "Internet War Room".

Georgia Tech has won a three-year, $500,000 grant from the National Science Foundation, to bulwark the newest target for hackers: the cell phone.

Mobile phone technology has exploded over the last decade, in effect becoming miniature desktop computers, but in many cases lacking sophisticated security software. Cell phones have more points of vulnerability, with multiple "radios" or connections-WiFi, Bluetooth, email, and text functions on many new smart phones, to say nothing of malware snuck into downloaded applications.

As their computing power increases, mobile phones become all the more desirable of a target. Greater power means more sophisticated applications, requiring sensitive personal information-everything from banking information, to credit card numbers, to medical data in the future.

Still, the deadline is pressing. Last week, for instance, someone hacked the iPhone 3Gs and posted instructions on the web.

"We haven't had widespread attacks against cell phones," assistant professor Patrick Traynor says. "What we're trying to do is keep that from happening in the first place or if it does happen be prepared with a good response."

The task is a daunting one. The project is the first of its kind in the nation. Giffin and Traynor will lead a team of Ph.D.'s to develop philosophies to guide the industry and academia alike.

"We assume the attacks will eventually be successful and this comes from years of experience on the desktop space," Giffin said.

The fix they say, may lie on the provider's side. They are exploring the ability of a cell phone provider to remotely wipe clean a mobile device if it has been stolen or compromised. They will set up miniature "cell networks", using Femtocells (essentially small cell towers), and donated phones. The team will compromise the network, and then try to figure out the best way to return it to normal.

In the end, they will produce papers and programs to present to the academic world and to mobile companies to develop.

It is easy to get swept up in visions of worst-case-scenarios and global tête-à-têtes of hackers and security programmers, exchanging digital blows. Giffin and Traynor can think up situations that would make James Bond writers blush, like malware that turns your cell phone into a covert microphone or spambots that prey on Bluetooth, infecting other devices as you walk by.

"It makes it much more similar to a standard virus that goes between humans, because Bluetooth has very short distance," Giffin said. "So you can envision someone walking into a subway train for example where there are a number of people on the train. You have one phone that suddenly starts infecting the other phones on the train."

"Or a virus may not just use your phone as a relay to send spam, it might actually target it to steal that sensitive information," Traynor said.

And the target may not always be the phone itself, but the network.

"There's an expectation that my phone always works. I pick it up. I make a call. It always goes through. What happens when you get a busy signal? The first thing you do is dial again," Traynor said.

A virus, he said, could prey on that tendency, creating a system error that leads users to dial over and over, creating a network logjam.

Mobile providers say they are not yet seeing widespread hacking attempts and the ones that are going on are not prevalent enough to be of real concern. The larger concern, they say, is texted spam.

"We have aggressive filters, behind the scenes network and virus traps that prevent spam from getting to consumers," AT&T spokesperson Dawn Benton said.

Traynor admits the so-far modest attempts are not cause for alarm, at least not yet. You need only go to a local cell phone store to see one of the reasons why: a multitude of brands and models of cell phones-each using different operating systems and networks.

"In the future we're just going to have four or five different operating systems," Traynor said. "And we're only going to have four or five hardware configurations. Malware is going to start being much more successful."

And as Giffin points out, virus and malware writers are becoming more successful at evading security software on desktops and to expect the same for phones.

Perhaps one of the greatest roadblocks to better security software is the device itself, and the person using it.

"I can run any software I want on my desktop computer because it's plugged into the wall. But if I'm constantly scanning my phone with antivirus, I'm using a lot more battery than I used to," Giffin said. "So when it comes down to it, am I going to protect my phone against a virus or shut it off to make another phone call? My bet is the phone call wins."

In Your Voice

Commenting is intended as a constructive, open community forum. Please read our terms of service guidelines and abide by them when commenting. Comments are automatically removed for review after three reports of abuse by public users, such as you. If you have further questions about the comment policy, you may contact the webmaster using this form.