ABSTRACT
In this paper, we investigate video-based vulnerabilities in 3G Smartphones. Particularly, we design a new video-based spyware, called Stealthy Video Capturer (SVC). SVC can secretly record video information for the third party, greatly compromising Smartphone users' privacy. We implement the spyware and conduct extensive experiments on real world 3G Smartphones. Our experimental results show that the spyware can capture private video information with unremarkable power consumption, CPU and memory occupancy, hence being stealthy to Smartphone users. Moreover, SVC can naturally be resistant to almost all commercial anti-virus tools, like McAfee, Kaspersky and F-Secure mobile version. To the best of our knowledge, our work is the first one to address video-based vulnerabilities in 3G Smartphones. We expect our work will prompt serious attentions on this issue.
- Canalys.com. http://www.canalys.com/pr/2008/ r2008021.htmGoogle Scholar
- M. Hypponen. Malware Goes Mobile. Scientific American, pp. 70--76, 2006Google ScholarCross Ref
- SuperTasks. http://www.softwareandson.com/SuperTasks/Google Scholar
- Memmaid. http://www.dinarsoft.com/memmaid/Google Scholar
- Z. Cheng. Mobile Malware: Threats and Prevention. McAfee Avert @ Labs Technical White Papers, Sept., 2007.Google Scholar
- G. Lawton. Is It Finally Time to Worry about Mobile Malware? Computer,41(5), 12--14, 2008. Google ScholarDigital Library
- D. Dagon, T. Martin and T. Starner. Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing, 3(4), 11--15, 2004. Google ScholarDigital Library
- M. Piercy. Embedded devices next on the virus target list. Electronics Systems and Software, 2(6), 42--43, 2005.Google ScholarCross Ref
- Newest Electronic Threat: Mobile Spyware. http://www.nospysoftware.com/spyware--news/spyware--adware--mobile.phpGoogle Scholar
- FlexiSPY Mobile Spyware: Monitoring solution or Security Nightmare. http://www.informit.com/articles/article.aspx?p=1185592Google Scholar
- Hidden Camera Threat Display. http://research.sunbelt-software.com/Google Scholar
- J. Cheng, S.H.Y. Wong, H. Yang and S. Lu. SmartSiren: virus detection and alert for Smartphones. In Proc. of MOBISYS'07, 258--271, 2007. Google ScholarDigital Library
- A. Bose, X. Hu, K.G. Shin and T. Park. Behavioral detection of malware on mobile handsets. In Proc. of MOBISYS'08, 225--238, 2008. Google ScholarDigital Library
- H. Kim, J. Smith and K.G. Shin. Detecting energy-greedy anomalies and mobile malware variants. In Proc. of MOBISYS'08, 239--252, 2008. Google ScholarDigital Library
- C. Fleizach, M. Liljenstam and P. Johansson, et al. Can you infect me now?: malware propagation in mobile phone networks. In Proc. of WORM'07, 61--68, 2007. Google ScholarDigital Library
- R. Perdisci, A. Lanzi and W. Lee. McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. In Proc. of ACSAC'08, 301--310, 2008. Google ScholarDigital Library
- A. Dinaburg, P. Royal, M. Sharif and W. Lee. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proc. of CCS'08, 51--62, 2008. Google ScholarDigital Library
- M. Sharif, V. Yegneswaran, H. Saidi, P. Porras and W. Lee. Eureka: A Framework for Enabling Static Malware Analysis. In Proc. of ESORICS'08, 481--500, 2008. Google ScholarDigital Library
- G. Gu, P. Porras, V. Yegneswaran, M. Fong and W. Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In Proc. of USENIX Security Symposium, 167--182, 2007. Google ScholarDigital Library
- C. Mulliner and G. Vigna. Vulnerability Analysis of MMS User Agents. In Proc. of ACSAC'06, 77--88, 2006. Google ScholarDigital Library
- C. Mulliner, G. Vigna, D. Dagon and W. Lee. Using Labeling to Prevent Cross--Service Attacks Against Smart Phones. In Proc. of DIMVA'06, 91--108, 2006. Google ScholarDigital Library
- P. Royal, M. Halpin, D. Dagon, R. Edmonds and W. Lee. PolyUnpack: Automating the Hidden--Code Extraction of Unpack-Executing Malware. In Proc. of ACSAC'06, 289--300, 2006. Google ScholarDigital Library
- G. Shen, Y. Li and Y. Zhang. MobiUS: Enable Together--Viewing Video Experience across Two Mobile Devices. In Proc. of MOBISYS'07, 30--42, 2007. Google ScholarDigital Library
- R. Racic, D. Ma and H. Chen. Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery. In Proc. of Securecomm and Workshops, 1--10, 2006.Google ScholarCross Ref
- P. Traynor, W. Enck, P. McDaniel and T.L. Porta. Mitigating attacks on open functionality in SMS-capable cellular networks. In Proc. of MOBICOM'06, 182--193, 2006. Google ScholarDigital Library
- New Cabir Worms Target Mobile Phones: http://www.viruslist.com/en/analysis?pubid=200119916Google Scholar
- Security Model for Windows Mobile 5.0 and Windows Mobile 6. http://www.microsoft.com/technet/solutionaccelerators/mobile/maintain/SecModel/aff7cf7f-0e11-4ef4-8626--f33bd969b35a.mspx?mfr=trueGoogle Scholar
- A. Ranjan. Using a Camera with Windows Mobile 5. http://www.developer.com/ws/pc/article.php/10947_ 3621211_1,July 21,2006Google Scholar
- Stealthy video capturer: a new video-based spyware in 3G smartphones
Recommendations
A Data-driven Characterization of Modern Android Spyware
According to Nokia’s 2017 Threat Intelligence Report, 68.5% of malware targets the Android platform; Windows is second with 28%, followed by iOS and other platforms with 3.5%. The Android spyware family UAPUSH was responsible for the most infections, ...
Panorama: capturing system-wide information flow for malware detection and analysis
CCS '07: Proceedings of the 14th ACM conference on Computer and communications securityMalicious programs spy on users' behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and ...
SmartSiren: virus detection and alert for smartphones
MobiSys '07: Proceedings of the 5th international conference on Mobile systems, applications and servicesSmartphones have recently become increasingly popular because they provide "all-in-one" convenience by integrating traditional mobile phones with handheld computing devices. However, the flexibility of running third-party softwares also leaves the ...
Comments