In a presentation at TakeDownCon in Las Vegas today, security researcher Georgia Weidman demonstrated how malware on smartphones could be used to create smartphone "botnets" that could be used in the same way as PC botnets, providing hackers with a way to insert code between the operating system's security layers and the cell network. In an interview with Ars Technica, Weidman said that the approaches used by Carrier IQ developers to create phone monitoring software could be adopted by hackers as well to create botnets that could silently steal users' data, or send data without users' knowledge. "From what I've seen in Carrier IQ, they just didn't think about what they were going to do," Weidman said. "But malware writers are going to take advantage of those techniques.

Weidman's Android proof-of-concept botnet installs itself in a fashion similar to the DroidDream malware, a trojan that could record phone conversations. The proof-of-concept botnet payload could be spread in several ways—either as part of a malicious application on an app store, or through a Web link sent to the smartphone or clicked in the mobile browser. "It 'roots' the phone," she said, "and it works as a proxy between the cellular modem and the application layer."

By installing itself at a low level in the phone's operating system, it gets below the privilege model of Android, and is able to perform tasks without alerting the user. Weidman said that on iOS devices, a similar botnet could potentially be distributed as part of a "jailbreak" package.

Weidman's research primarily focused on how botnets could be used by spammers to distribute SMS messages from users' phones. A botnet could either be fed a list of phone numbers, or just randomly try to send messages to every possible phone number in an area code. Weidman said that since there's no firewall or spam blocking software for SMS messages, mobile phone SMS spam botnets could be potentially very profitable to spammers.

SMS spam messages could also be used to further spread the botnet through Web links, or as part of an attack on the cell network itself. A botnet "could send out a lot of junk and degrade service to cell towers" in a specific area, Weidman said.

That sort of attack could be used as part of a larger cyberattack, she said. Pointing to the cyber attack on Estonia four years ago, she predicted that "in the future, attacks like this will have a cell phone aspect." Terrorists could also use a botnet as part of a larger attack to prevent people from being able to communicate with first responders, she said.