Is your smartphone really switched off?

"Anyone with an understanding of embedded systems could develop the technology to hibernate, rather than switch off, the handset" - Rob Bamforth, Quocirca

Is your smartphone really switched off?
Is your smartphone really switched off?

Ever since Apple's iPhone kick-started the smartphone revolution off just over seven years ago, reports have been circulating how the National Security Agency - and other state bodies - have had the ability to covertly switch an iPhone or Android handset `back on' without the owner being aware.

Whilst this ostensibly appears technically impossible, it now appears that the rumours may have some substance in the shape of program code that prevents the on-off switch from operating - and merely places the handset into hibernation, switching the screen off in the process.

A discussion on the Security StackExchange forum earlier this week confirms this approach is technically viable - especially in an age of multi-core smartphones, with the handset surfacing from hibernation every so often to take orders from a suitable remote command-and-control server.

Trend Micro security evangelist Rik Ferguson famously illustrated how to turn an Android handset into a remote audio-visual surveillance device using covert code at the Mobile World Congress in Barcelona back in 2012 but on the other side of the coin - malware capable of hibernating a smartphone for long periods - has not yet been seen in the wild.

The general consensus amongst security experts is that the coding potential for this malware certainly exists.

Keith Bird, UK managing director with Check Point, said that the possibility that this type of malware exists poses a number of concerns for businesses and individuals alike.

"It also further highlights the advancing sophistication that those behind stealthy malware are developing," he said, adding that a recent Check Point survey of 800 IT professionals found that 63 percent of organisations that allowed personally-owned mobile devices to connect to their corporate networks did not manage corporate information on those devices.

Against this backdrop, Bird argues that the threat posed by smartphone hibernation malware should not be underestimated.

"It goes to show once again how important multiple layers of protection are across all internet connected devices to protect a company network and illustrates the critical role sharing threat intelligence can be in helping organisations keep up to speed with new attacks so they can adequately defend themselves against malware," he explained.

Steve Smith, managing director of data security firm Pentura, agreed, saying that reports of a stealthy malware that enables hackers to operate while the owner believes the device to be switched off should be deeply concerning for consumers and businesses alike.

"Such access puts a plethora of sensitive personal and corporate data at risk of being lost," he said, adding that it is inevitable that cyber-criminals will target smartphones and tablets in this way.

In view of this, Smith says that this highlights a need to regularly review any mobile or bring your own device (BYOD) security strategy, with particular consideration paid to security build reviews, configuration management and user training.

"By addressing these areas business will put themselves in a better position to protect their data from the threat of malware," he explained.

Rob Bamforth, a principal analyst with Quocirca, said that covert hibernation malware on smartphones is a possibility - and highlights the fact that the mobiles in people's pockets and purses today are highly sophisticated devices.

"If you look at the Qualcomm chipsets in most smartphones, this becomes very obvious," he said, adding that disassembling the code of the processor would give hackers access to the knowledge they need to intercept the on-off switch command and place the smartphone into a covert hibernation mode.

He told SCMagazineUK.com that it is important to understand that modern smartphones actually have more than one operating system (OS) under the hood, meaning that, whilst the main OS may appear to be off, some elements of the processor may still be working using the underlying OS.

"Most people think their smartphone is a small microcomputer. This actually isn't the case, as they are usually two or more microprocessors running, meaning that anyone with an understanding of embedded systems could develop the technology to hibernate, rather than switch off, the handset," he explained.