ISU Professor takes on Threat of Espionage via Hacked Smartphones

It’s not exactly dinner-table conversation, but cyber insecurity is bearing down on everyone from company CEOs to generals at U.S. military bases overseas.

Recent incidents, particularly the hacking of government websites by the group Anonymous and the theft of confidential data from online retailers like Zappos, have raised questions about Internet safety. Congress’ recent introduction of the Stop Online Piracy Act exposed how complex the issue has become.

In an age where most American businesses are reliant on computers to help run their day-to-day operations, and citizens habitually keep their tablets or smart phones within reach, the task of locking out cyber threats has become increasingly difficult.

Suraj Kothari, a professor of electrical and computer engineering, is researching how to ward off cyber infiltration. His newest endeavor, a $4.1 million project to develop security software for Android-powered smart phones, could potentially affect every American with a hand-held mobile device.

“We hear about cyber security,” Kothari said, “For example, a computer can be attacked, and you will see things on your disk are wiped out so you know something bad has happened. Now, there are new types of attacks that are going to happen or maybe are happening now. Your cell phone has been compromised, but you don’t even know it has been compromised.”

In conjunction with Iowa-based EnSoft Corp., a software management company, Kothari is developing a tool to analyze potentially malicious software on Android phones.

His research, funded through the Defense Advanced Research Projects Agency (DARPA), will focus on software applications commonly used by members of the U.S. military who carry smart phones.

• • •

Since the incident in 2005 when Paris Hilton’s cell phone was hacked and explicit photos were leaked onto the Internet, the ease of hacking into personal devices has become ordinary for some and frightening for others.

In the case of military phones, keeping sensitive information out of the wrong hands could be key to American national security.

“Let’s say a general is talking to somebody else and that conversation is being leaked through the phone because the phone is interacting with the outside world … but somebody has now sneaked in software which is taking sensitive information and leaking it out to other sources,” Kothari said. “And the person who is using the phone doesn’t even know that’s what’s happening. That would be a very serious problem.”

Jeremías Sauceda, a co-principal researcher, said there haven’t been any major hacking incidents on military phones. But, he said, funding research in this area will hopefully help prevent dangerous episodes in the future.

“It’s not that some incident has happened and they are responding,” Sauceda said. “They are being proactive. Now they want to equip their personnel with smart phones. In the process of adopting that technology, they need to make sure it’s secure.”

Sauceda is a researcher for EnSoft Corp., a company located at ISU’s Research Park. Using Kothari’s innovations, Sauceda will develop a product that can be installed on military phones by the end of the 3 1/2-year project.

The idea isn’t simple, but it also isn’t new.

The project, which officially kicks off Feb. 22, will use techniques Kothari has been developing over a 15-year professional career in software analysis.

“Forty or 50 years ago, if somebody went to a doctor, the doctor would say, ‘OK, what are your symptoms?’ … The doctor is observing what’s going on in your body from the outside,” he said. “Testing is like that.”

Kothari’s analysis, however, looks at the software from the inside out, making his technique more like a modern doctor’s MRI machine.

“This is a very different way of analyzing and understanding software,” Kothari said, “and one application of it is to improve reliability.”

Downloadable mobile apps, which are often updated by their developer to improve usability, pose a tricky problem for software analysts who only rely on testing-based methods. Kothari said his goal is to develop a tool capable of probing a downloaded app and understanding its content, even after multiple updates or changes are made to the program.

February 13, 2012 by Hannah Furfaro