Transparent Botnet Control for Smartphones over SMS. Georgia Weidman

Similar documents
Smartphone Botnets. Berlin Institute of Technology FG Security in Telecommunications SPRING 2010

Now SMS/MMS Android Modem Quick Start Guide

Anti-Spyware Analysis for ios: An Evaluation of Current Security Products Available for ios

Secure Your Mobile Workplace

Learning Management Redefined. Acadox Infrastructure & Architecture

Key & Data Storage on Mobile Devices

BBM Protected: Secure enterprise- GrAde MoBIle MeSSAGING

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

SHORT MESSAGE SERVICE SECURITY

Over-the-Air Cross-platform Infection for Breaking mtan-based Online Banking Authentication

The power of root on Android emulators

Dirty use of USSD codes in cellular networks

Distributed Systems. Distributed Systems

Security A to Z the most important terms

Managing Web Security in an Increasingly Challenging Threat Landscape

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

Cloud Based Secure Web Gateway

Mobile Security. Practical attacks using cheap equipment. Business France. Presented the 07/06/2016. For. By Sébastien Dudek

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Linux Web Based VPN Connectivity Details and Instructions

SHARPCLOUD SECURITY STATEMENT

Mobile NFC 101. Presenter: Nick von Dadelszen Date: 31st August 2012 Company: Lateral Security (IT) Services Limited

Chapter 17. Transport-Level Security

Security Policy Revision Date: 23 April 2009

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN:

Conducting Virtual Meetings

IKEE.B. An analysis of the IKEE.B iphone Bot. Hassen Saidi Computer Science Laboratory

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Secure software updates for ITS communications devices

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Injecting SMS Messages into Smart Phones for Security Analysis

Storgrid EFS Access all of your business information securely from any device

Fuzzing the Phone in your Phone (Black Hat USA 2009)

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno

Towards Automated Botnet Detection and Mitigation

A new Secure Remote Access Platform from Giritech. Page 1

SecureCom Mobile s mission is to help people keep their private communication private.

Sophos Mobile Control as a Service Startup guide. Product version: 3.5

COPY9 USER GUIDE for iphone

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Copyright Copyright 2014 SerVision Ltd. All Rights Reserved.

The Shift to Wireless Data Communication

Hacking Android for fun & profit

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Assessing BYOD with the Smarthpone Pentest Framework. Georgia Weidman

Security Threats for Mobile Platforms

Nokia E90 Communicator Using WLAN

BOMGAR.COM BOMGAR VS. GOTOASSIST UPDATED: 9/8/2015

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

Access Your Cisco Smart Storage Remotely Via WebDAV

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Intelligent Database Monitoring System using ARM9 with QR Code

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Tutorial on Smartphone Security

Digital Audio and Video Data

Trusler i Web- og Mobilkanalen Audun Jøsang

The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager

The Secure Sockets Layer (SSL)

BBM Protected Secure mobile

Apache Milagro (incubating) An Introduction ApacheCon North America

EFFECTIVE QUERY RETRIEVAL SYSTEM IN MOBILE BUSINESS ENVIRONMENT

Smart Anytime, Safe Anywhere. Climax Home Portal Platform. Envisage and Enable a Connected Future

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs

Downloading Electro Scan Smartphone App From Google Play* * Previously known as The Android Market

International Journal of Computing and Business Research (IJCBR)

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Bluetooth Low Energy Client Module Out of Box Setup Guide Version 1.0.0

Network Management. Jaakko Kotimäki. Department of Computer Science Aalto University, School of Science. 21. maaliskuuta 2016

International Journal of Computing and Business Research (IJCBR) INSECURE GSM NETWORK AND SECURITY SOLUTIONS FOR MOBILE BANKING

Attacking SMS. BlackHat USA RingZero

Workday Mobile Security FAQ

DTR Business Systems, Inc. Rene Beltran

BYOD and Its Impact on IT. Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment

Exploiting Fundamental Weaknesses in Command and Control (C&C) Panels

UNDERSTANDING SMS: Practitioner s Basics

Machine Problem 3 (Option 1): Mobile Video Chat

Protocol Security Where?

Phone: Fax: Box: 230

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Detecting Bots with Automatically Generated Network Signatures

Personalised icalendar Teaching Timetable Feed for Staff and Students

@msecnet / Bogdan ALECU

Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

BotNets- Cyber Torrirism

Top Ten Web Attacks. Saumil Shah Net-Square. BlackHat Asia 2002, Singapore

Internet Self Service FAQs

The full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.

Technical documentation

Worldwide attacks on SS7 network

Billion Dollar Botnets:

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security

Secure Frequently Asked Questions

Fairsail REST API: Guide for Developers

Copyright MyPW LLC.

REGULATORY ADVISORY 14 FEBRUARY 2014

Web server botnets and hosting farms as attack platforms

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

Managing ios Devices. Andrew Wellington Division of Information The Australian National University XW11

Transcription:

Transparent Botnet Control for Smartphones over SMS Georgia Weidman

Why Smartphone Botnets? Nearly 62 million smartphones sold in Q2 2010 Development is similar to standard platforms Android = Linux iphone = OSX Windows Mobile = Windows Technical specs not as good as top of the line desktops. They are as good as the desktops you might have at work.

Why SMS C&C? Battery Management Fault Tolerant Always On Difficult for security researchers to monitor

How an SMS is sent and received

How an SMS is sent and received

How an SMS is sent and received

How an SMS is sent and received

Previous Work: SMS Fuzzing At Blackhat 2009, Charlie Miller & Collin Mulliner proxied the application layer and modem to crash smartphones with SMS.

Master Bot

Master Bot Handled by botherders Switched out regularly to avoid detection Prepay SIM Cards + Kleptomania Sends instructions to Sentinel Bots In charge of bot structure

Sentinel Bots

Sentinel Bots Several trustworthy long infected bots Receive instructions from master bot Pass on instructions to a set of slave bots

Slave Bots

Slave Bots Receive instructions from sentinel bots Carry out botnet payload functionality (DDOS, SPAM, etc.)

Robustness Master Bot: May change device, platform, SIM at will Prepaid phones are difficult to track Has knowledge of all active bots Sentinel Bots: Reserved for long time bots The only bots that interact directly with the master Master may promote any slave when needed Slave Bots: A compromise results in at most finding the identity of a single sentinel

Security Concerns Impersonation: Use cryptographic keys to authenticate master bot and sentinel bots Replay: SMS timestamps Sequence number One time keys

SMS-Deliver PDU 07914140540510F1040B915117344588F1000 00121037140044A0AE8329BFD4697D9EC37 Field Value Length of SMSC 07 Type of Address (SMSC) 91 Service Center Address (SMSC) 41 40 54 05 10 F1 SMS Deliver Info 04 Length of Sender Number 0B Type of Sender Number 91 Sender Number 51 17 34 45 88 F1 Protocol Identifier 00 Data Coding Scheme 00 Time Stamp 01 21 03 71 40 04 4A User Data Length 0A User Data E8 32 9B FD 46 97 D9 EC 37

SMS-Deliver PDU 07914140540510F1040B915117344588F1000 00121037140044A0AE8329BFD4697D9EC37 Field Length of SMSC 07 Type of Address (SMSC) 91 Service Center Address (SMSC) SMS Deliver Info 04 Length of Sender Number 41 40 54 05 10 F1 0B Type of Sender Number 91 Sender Number Protocol Identifier 00 Data Coding Scheme 00 Time Stamp User Data Length 51 17 34 45 88 F1 Value 01 21 03 71 40 04 4A User Data E8 32 9B FD 46 97 D9 EC 37 0A

How It Works 1. Bot Receives Message 2. Bot Decodes User Data 3. Bot Checks for Bot Key 4. Bot Performs Payload Functionality

How It Works 1. Bot Receives Message Bot receives all communication from modem If SMS (code CMT) continue analysis If not SMS pass up to user space 2. Bot Decodes User Data 3. Bot Checks for Bot Key 4. Bot Performs Payload Functionality

How It Works 1. Bot Receives Message 2. Bot Decodes User Data Moves through PDU to User Data Decode 7 bit GSM to plaintext 3. Bot Checks for Bot Key 4. Bot Performs Payload Functionality

How It Works 1. Bot Receives Message 2. Bot Decodes User Data 3. Bot Checks for Bot Key Bot checks for secret key in message If bot message continue analysis If not bot message pass to user space 4. Bot Performs Payload Functionality

How It Works 1. Bot Receives Message 2. Bot Decodes User Data 3. Bot Checks for Bot Key 4. Bot Performs Payload Functionality Bot reads functionality request in message If found perform functionality If not found fail silently

Getting The Bot Installed Regular Users: App + Local Root Exploit (Sendpage etc.) Example: John Oberheide's Twilight Android Botnet Defcon Skytalks 2010 Root-level/Jailbroken Users: Root level app using proxy function for AWESOME + Bot Remote: Remote root exploit (rooted and nonrooted) Example: ikee-b Duh Worm for iphone

Example Payloads Spam Creating SMS-Send PDUs and passing them to the modem Example: SMS ads DDOS Millions of smartphones vs. a server Loading New Functionality Send URL in payload Download the module into known payloads

Parallel Research: iphone Base Code Rise of the ibots: Owning a Telco Network Collin Mulliner and Jean-Pierre Seifert SMS and P2P smartphone botnets

DEMO : ) Android Bot with SMS Spam Payload Released code has the bot without payloads (have fun)

Thanks To Mom for helping me master character arrays in c.

Contact Georgia Weidman Email: Georgia@grmn00bs.com Website: http://www.grmn00bs.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information