Âé¶ą´«Ă˝

‘Bugnets’ eavesdrop on you wherever you go

The multitude of smartphones and computers we carry around could be hacked to create a sophisticated eavesdropping network
Is that an innocent phone or a corrupted traitor in your hand?
Is that an innocent phone or a corrupted traitor in your hand?
(Image: Marja Airio/Rex Features)

THE notion that a hacker could eavesdrop on you by commandeering your smartphone or your computer’s microphone is not new. But such bugging attempts could soon become far more powerful, even giving attackers the ability to monitor a target’s utterances almost anywhere they go – even if that target is nowhere near any of their own gadgets.

As people embrace smartphones and notebook computers, which can remain more-or-less permanently connected to the internet, they have unwittingly ensured that they are never far from a potential electronic eavesdropper, warn and at George Mason University in Fairfax, Virginia.

One side effect of this boom in connectedness is that a hacker only has to compromise your favoured device with a microphone-tapping spyware virus to monitor virtually all of your conversations, transmitting them whenever the device links to the internet (Computers & Security, DOI: ).

But the pair suspect that because hackers have become adept at managing vast networks of compromised computers – called botnets – a new menace may emerge: attackers could extend their audio surveillance to any computer or phone that their target regularly comes into contact with. “It does not have to be under the control of the victim,” says Farley.

Using knowledge of their target’s lifestyle, a combination of social engineering and phishing could be employed to compromise the computers or devices of those they come near to. “That could be a Wi-Fi-connected laptop of a stranger who’s often close to the victim in a coffee shop, or a supposedly idle computer in a conference room the victim uses frequently,” says Wang.

Once such computers have been added to this roving eavesdropping network, dubbed a “bugnet”, they could then be controlled to transmit live audio on demand, such as when the target is expected to be nearby.

The researchers wrote software for PC and Mac computers to demonstrate their bugnet concept.

One security expert, speaking on condition of anonymity, reckoned the bugnet attack demonstrated is currently too crude to pose a serious threat. “Their infection-point either used an unpatched version of Windows XP, or a tailored installer on Mac OS X,” he says. It is unlikely any worthwhile target will used Windows unpatched, and few Apple Mac users would voluntarily install unknown software, he adds.

Topics: Computer crime