Sensing-enabled channels for hard-to-detect command and control of mobile devices

Autor: Tzipora Haleviz, Nitesh Saxena, Ragib Hasan, Shams Zawoad, Dustin Rinehart
Rok vydání: 2013
Předmět:
Zdroj: AsiaCCS
Popis: The proliferation of mobile computing devices has enabled immense opportunities for everyday users. At the same time, however, this has opened up new, and perhaps more severe, possibilities for attacks. In this paper, we explore a novel generation of mobile malware that exploits the rich variety of sensors available on current mobile devices.Two properties distinguish the proposed malware from the existing state-of-the-art. First, in addition to the misuse of the various traditional services available on modern mobile devices, this malware can be used for the purpose of targeted context-aware attacks. Second, this malware can be commanded and controlled over context-aware, out-of-band channels as opposed to a centralized infrastructure. These communication channels can be used to quickly reach out to a large number of infected devices, while offering a high degree of undetectability. In particular, unlike traditional network-based communication, the proposed sensing-enabled channels cannot be detected by monitoring the cellular or wireless communication networks. To demonstrate the feasibility of our proposed attack, we present different flavors of command and control channels based on acoustic, visual, magnetic and vibrational signaling. We further build and test a proof-of-concept Android application implementing many such channels.
Databáze: OpenAIRE