Bad guys armed with computers might remotely and secretly drain the batteries of cell phones, a new study shows. By commandeering communications channels that cell phones use to capture images and video from the Internet, attackers might repeatedly awaken an idle phone from a low-power slumber into a state of readiness that saps its electric power.
In multiple tests on a Nokia 6620 phone, computer scientists Hao Chen, Denys Ma, and Radmilo Racic of the University of California, Davis used a fake server to repeatedly send information to the phone, depleting the device’s battery in an average of 7 hours. The phone would ordinarily run for 156 hours on one charge. Tests on two other types of phones also resulted in dramatic drops in battery-charge duration.
The simulated attacks took place through two commercial–cell phone networks without triggering any alarms, the team reports.
Chen’s team proposes several ways to thwart such attacks. In particular, changes to cell phone networks could enable their equipment to recognize the pattern of Internet message traffic during a battery attack, Chen says.
Racic presented the new study Aug. 30 in Baltimore at a computer-security conference.