Smartphone Spying Tools Mylonas Alexios




Student Number: 100588864
Supervisor: Keith Martin

Submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London.

I declare that this assignment is all my own work and that I have acknowledged all quotations from the published or unpublished works of other people. I declare that I have also read the statements on plagiarism in Section 1 of the Regulations Governing Examination and Assessment Offences and in accordance with it I submit this project report as my own work.

Signature: Alexios Mylonas
Date: 5-9-2008

Abstract

In this thesis we examine spying tools running on smartphones, that is, mobile phones whose functionality the user can extend by installing third-party applications. We identify the data that are collected and the methods that the spyware uses to leak the data back to an attacker. We emphasize the security risks that emerge (a) from the use of an identifiable operating system in smartphones and (b) from the execution of unsigned applications, which utilize functionality provided by libraries available for smartphone application development.

As proof-of-concept attacks on smartphones, we implement two spying tools running on the Windows Mobile 6 operating system. Furthermore, we implement two different spyware infection vectors for the Windows Mobile device: (a) a Trojan horse which uses spoofing system frames and a download-and-execute capability and (b) a proof-of-concept code injection attack on a Windows Mobile application.

Finally, we propose anti-spyware solutions mitigating smartphone spyware, either before or after the device infection, and we provide an implementation of a Windows Mobile spyware removal utility.

Chapter 8 Conclusion

As mentioned earlier, smartphones are devices containing various types of personal information. As the popularity of these devices increases, so does attackers' interest in finding and exploiting vulnerabilities in these devices to acquire this data. Their potential attacks are aided by the functionality that the operating system running on the smartphone provides through APIs, and by the fact that in some cases the operating system allows execution of unsigned applications.

In this project we demonstrated the types of data that spyware authors are collecting from infected devices. As proof-of-concept attacks, we implemented spyware running on Windows Mobile 6 devices, where the execution of unsigned applications is permitted. The implementations use functionality provided to developers by the API of the CNF. Additionally, for the infection of the devices we implemented a Trojan horse with download-and-execute capability and demonstrated a proof-of-concept MSIL injection attack on an unsigned utility application written for Windows Mobile 6.

At the end of the thesis, we propose anti-spyware solutions combating the spyware, either before or after the device infection. Furthermore, we implemented a spyware removal utility demo, which breaks the operation of spyware that intercepts SMS messages without the user knowing.

Experience with desktop computer malware has shown that the motivation of malware writers is changing. Malware writers who exploit vulnerabilities for fun or out of curiosity are becoming rare, since attackers nowadays are trying to make money out of their attacks. Because smartphones have a built-in billing system, they are an attractive target for organized crime: profit can be made even if the target does not have a bank account or a credit card number.

As a result, we believe smartphone malware will become a serious security issue in the near future, so security experts should be able to supply users with technological and non-technological solutions.
