Sensing-enabled channels for hard-to-detect command and control of mobile devices

Hasan, Ragib; Saxena, Nitesh; Haleviz, Tzipora; Zawoad, Shams; Rinehart, Dustin

doi:10.1145/2484313.2484373

Cited by 46 publications

(34 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Out of band Control channels influencing sensors of the smart phone devices have been used for initiating attacks by presuming that a mobile malware is already installed in the device [6]. Voice channel has also been used as the covert channel for spreading the malware and for extraction of the information (i.e.…”

Section: C) Installed Third Party Applications (Substitute Messaging mentioning

confidence: 99%

“…These attacks are capable of providing stimulus to the Malware already preinstalled in the Smart phone device [6], spreading the malware across several non infected devices [6], covertly transferring the vital Information stored within the Smart phone device [7] and launching Denial of service [8,10] and Sleep deprivation attacks [10]. These attacks are mentioned in Table 1 and the possibility of achieving the same functionality by means of utilizing the Cellular Infrastructure is briefly defined in the corresponding subsections.…”

Section: Attacks Based On Channelsmentioning

confidence: 99%

“…Sensors based (out of band attacks) presume that the malware possessing the capability of launching an attack is already installed within the Smart phone device, such a malware is triggered by means of activating one of the several available sensors [6]. Due to the availability of multitude of smart phone sensors (Audio Sensor, Optical sensor, Magnetometer and accelerometer etc.)…”

Section: Sensor Based (Out Of Band) Attacksmentioning

confidence: 99%

“…If an anti-Malware solution is to be implemented against exploiting sensors, then it has to monitor all the sensors that too constantly, which will drastically reduce the battery life of a Smart phone device thus adding to the concern [6].Several types of Sensor based attacks both steganographic and nonsteganographic utilizing the Audio, Magnetic, Optical, Vibration sensors can be used to launch attacks as discussed by [6] are mentioned in Table 2. …”

Section: Sensor Based (Out Of Band) Attacksmentioning

confidence: 99%

See 3 more Smart Citations

Utilizing Cellular Infrastructure for Spying of Smart Phones

Haq¹,

Hassan²

2016

IJCA

View full text Add to dashboard Cite

Smart phones form essential part of our daily lives and remain almost always with us or in our close vicinity. They act as an interface for very crucial and personal information like images, videos, voice calls, video calls, downloaded media, text messages, call logs, banking transaction details, passwords etc., thus housing very large amount of private information which can provide deep insight into the personality of the concerned person and thus can be of pivotal importance for Secret service and law enforcement agencies. We have proposed a new Surveillance scheme utilizing the existing Cellular Infrastructure to monitor and extract the information from the blacklisted smart phone devices i.e. devices of terrorists, corrupt politicians, hard core Criminals, drug dealers etc. We will review several attacks over the Smart phones via Communication channels in order to provide the insight for using the Cellular Infrastructure for the purpose of Surveillance and extraction of information from the Blacklisted Smart phone devices and for conducting those very attacks. Surveillance and extraction of information via Cellular infrastructure would be capable of providing both live feedbacks (like ongoing conference(in the vicinity of Smart phone device), ongoing voice/video call, present location etc.) as well as the information contained in the Smart Phone device's memory (including Downloaded media, Images, video Call logs, e-mails, passwords, credit card numbers etc.).

show abstract

Section: C) Installed Third Party Applications (Substitute Messaging mentioning

confidence: 99%

Section: Attacks Based On Channelsmentioning

confidence: 99%

Section: Sensor Based (Out Of Band) Attacksmentioning

confidence: 99%

Section: Sensor Based (Out Of Band) Attacksmentioning

confidence: 99%

See 2 more Smart Citations

Utilizing Cellular Infrastructure for Spying of Smart Phones

Haq¹,

Hassan²

2016

IJCA

View full text Add to dashboard Cite

show abstract

“…The presence of increasingly powerful computing, networking, and sensing functions in smartphones has empowered malicious apps with a variety of advanced capabilities [2], including the possibility to determine the physical location of the smartphone, spy on the user's behavioral patterns, or compromise the data and services accessed through the device. These capabilities are rapidly giving rise to a new generation of targeted malware that makes decisions on the basis of factors such as the device location, the user's profile, or the presence of other apps (e.g., see [3][4][5][6]). …”

Section: Introductionmentioning

confidence: 99%

Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models

Suárez-Tangil

Conti

Tapiador

et al. 2014

Computer Security - ESORICS 2014

View full text Add to dashboard Cite

Abstract. Malware for current smartphone platforms is becoming increasingly sophisticated. The presence of advanced networking and sensing functions in the device is giving rise to a new generation of targeted malware characterized by a more situational awareness, in which decisions are made on the basis of factors such as the device location, the user profile, or the presence of other apps. This complicates behavioral detection, as the analyst must reproduce very specific activation conditions in order to trigger malicious payloads. In this paper, we propose a system that addresses this problem by relying on stochastic models of usage and context events derived from real user traces. By incorporating the behavioral particularities of a given user, our scheme provides a solution for detecting malware targeting such a specific user. Our results show that the properties of these models follow a power-law distribution: a fact that facilitates an efficient generation of automatic testing patterns tailored for individual users, when done in conjunction with a cloud infrastructure supporting device cloning and parallel testing. We report empirical results with various representative case studies, demonstrating the effectiveness of this approach to detect complex activation patterns.

show abstract

Industrial IoT Security Monitoring and Test on Fed4Fire+ Platforms

Rivera

Mallouli

et al. 2019

Testing Software and Systems

View full text Add to dashboard Cite

This paper presents the main results of the experiments conducted using the MMT-IoT security analysis solution run on a IoT Fed4Fire+ platform (Virtual Wall -w.iLab proposed by IMEC, Belgium). MMT is a monitoring framework developed by Montimage, and MMT-IoT is the tool that allows monitoring and analysing the security and performance of IoT networks. The results obtained concern two principal advancements. First, the adaptations made to deploy MMT-IoT on the IoT platform in order to run the tool on the platform's IoT devices. Second, the deployment of the software allowed us to run preliminary tests on the selected platform for performing initial validation and scalability tests on this real environment. To this end, Montimage defined and implemented three test scenarios related to security and scalability with 1 or more clients. These results will be used to prepare a new experimentation phase involving also another Fed4Fire+ platform (LOG-a-TEC proposed by IJS, Slovenia).

show abstract

Sensing-enabled channels for hard-to-detect command and control of mobile devices

Cited by 46 publications

References 15 publications

Utilizing Cellular Infrastructure for Spying of Smart Phones

Utilizing Cellular Infrastructure for Spying of Smart Phones

Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models

Industrial IoT Security Monitoring and Test on Fed4Fire+ Platforms

Contact Info

Product

Resources

About