research-article

Stealthy video capturer: a new video-based spyware in 3G smartphones

Authors:
Nan Xu

City University of Hong Kong, Hong Kong, Hong Kong

City University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
Fan Zhang

Huazhong University of Sci. & Tech. & City University of Hong Kong, Wuhan & Hong Kong, China

Huazhong University of Sci. & Tech. & City University of Hong Kong, Wuhan & Hong Kong, China
View Profile

,
Yisha Luo

City University of Hong Kong, Hong Kong, Hong Kong

City University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
Weijia Jia

City University of Hong Kong, Hong Kong, Hong Kong

City University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
Dong Xuan

The Ohio State University, Columbus, OH, USA

The Ohio State University, Columbus, OH, USA
View Profile

,
Jin Teng

City University of Hong Kong, Hong Kong, Hong Kong

City University of Hong Kong, Hong Kong, Hong Kong
View Profile

WiSec '09: Proceedings of the second ACM conference on Wireless network securityMarch 2009Pages 69–78https://doi.org/10.1145/1514274.1514285

Published:16 March 2009Publication History

WiSec '09: Proceedings of the second ACM conference on Wireless network security

Pages 69–78

ABSTRACT

In this paper, we investigate video-based vulnerabilities in 3G Smartphones. Particularly, we design a new video-based spyware, called Stealthy Video Capturer (SVC). SVC can secretly record video information for the third party, greatly compromising Smartphone users' privacy. We implement the spyware and conduct extensive experiments on real world 3G Smartphones. Our experimental results show that the spyware can capture private video information with unremarkable power consumption, CPU and memory occupancy, hence being stealthy to Smartphone users. Moreover, SVC can naturally be resistant to almost all commercial anti-virus tools, like McAfee, Kaspersky and F-Secure mobile version. To the best of our knowledge, our work is the first one to address video-based vulnerabilities in 3G Smartphones. We expect our work will prompt serious attentions on this issue.

References

Canalys.com. http://www.canalys.com/pr/2008/ r2008021.htmGoogle Scholar
M. Hypponen. Malware Goes Mobile. Scientific American, pp. 70--76, 2006Google ScholarCross Ref
SuperTasks. http://www.softwareandson.com/SuperTasks/Google Scholar
Memmaid. http://www.dinarsoft.com/memmaid/Google Scholar
Z. Cheng. Mobile Malware: Threats and Prevention. McAfee Avert @ Labs Technical White Papers, Sept., 2007.Google Scholar
G. Lawton. Is It Finally Time to Worry about Mobile Malware? Computer,41(5), 12--14, 2008. Google ScholarDigital Library
D. Dagon, T. Martin and T. Starner. Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing, 3(4), 11--15, 2004. Google ScholarDigital Library
M. Piercy. Embedded devices next on the virus target list. Electronics Systems and Software, 2(6), 42--43, 2005.Google ScholarCross Ref
Newest Electronic Threat: Mobile Spyware. http://www.nospysoftware.com/spyware--news/spyware--adware--mobile.phpGoogle Scholar
FlexiSPY Mobile Spyware: Monitoring solution or Security Nightmare. http://www.informit.com/articles/article.aspx?p=1185592Google Scholar
Hidden Camera Threat Display. http://research.sunbelt-software.com/Google Scholar
J. Cheng, S.H.Y. Wong, H. Yang and S. Lu. SmartSiren: virus detection and alert for Smartphones. In Proc. of MOBISYS'07, 258--271, 2007. Google ScholarDigital Library
A. Bose, X. Hu, K.G. Shin and T. Park. Behavioral detection of malware on mobile handsets. In Proc. of MOBISYS'08, 225--238, 2008. Google ScholarDigital Library
H. Kim, J. Smith and K.G. Shin. Detecting energy-greedy anomalies and mobile malware variants. In Proc. of MOBISYS'08, 239--252, 2008. Google ScholarDigital Library
C. Fleizach, M. Liljenstam and P. Johansson, et al. Can you infect me now?: malware propagation in mobile phone networks. In Proc. of WORM'07, 61--68, 2007. Google ScholarDigital Library
R. Perdisci, A. Lanzi and W. Lee. McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. In Proc. of ACSAC'08, 301--310, 2008. Google ScholarDigital Library
A. Dinaburg, P. Royal, M. Sharif and W. Lee. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proc. of CCS'08, 51--62, 2008. Google ScholarDigital Library
M. Sharif, V. Yegneswaran, H. Saidi, P. Porras and W. Lee. Eureka: A Framework for Enabling Static Malware Analysis. In Proc. of ESORICS'08, 481--500, 2008. Google ScholarDigital Library
G. Gu, P. Porras, V. Yegneswaran, M. Fong and W. Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In Proc. of USENIX Security Symposium, 167--182, 2007. Google ScholarDigital Library
C. Mulliner and G. Vigna. Vulnerability Analysis of MMS User Agents. In Proc. of ACSAC'06, 77--88, 2006. Google ScholarDigital Library
C. Mulliner, G. Vigna, D. Dagon and W. Lee. Using Labeling to Prevent Cross--Service Attacks Against Smart Phones. In Proc. of DIMVA'06, 91--108, 2006. Google ScholarDigital Library
P. Royal, M. Halpin, D. Dagon, R. Edmonds and W. Lee. PolyUnpack: Automating the Hidden--Code Extraction of Unpack-Executing Malware. In Proc. of ACSAC'06, 289--300, 2006. Google ScholarDigital Library
G. Shen, Y. Li and Y. Zhang. MobiUS: Enable Together--Viewing Video Experience across Two Mobile Devices. In Proc. of MOBISYS'07, 30--42, 2007. Google ScholarDigital Library
R. Racic, D. Ma and H. Chen. Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery. In Proc. of Securecomm and Workshops, 1--10, 2006.Google ScholarCross Ref
P. Traynor, W. Enck, P. McDaniel and T.L. Porta. Mitigating attacks on open functionality in SMS-capable cellular networks. In Proc. of MOBICOM'06, 182--193, 2006. Google ScholarDigital Library
New Cabir Worms Target Mobile Phones: http://www.viruslist.com/en/analysis?pubid=200119916Google Scholar
Security Model for Windows Mobile 5.0 and Windows Mobile 6. http://www.microsoft.com/technet/solutionaccelerators/mobile/maintain/SecModel/aff7cf7f-0e11-4ef4-8626--f33bd969b35a.mspx?mfr=trueGoogle Scholar
A. Ranjan. Using a Camera with Windows Mobile 5. http://www.developer.com/ws/pc/article.php/10947_ 3621211_1,July 21,2006Google Scholar

Stealthy video capturer: a new video-based spyware in 3G smartphones
1. Social and professional topics
  1. Computing / technology policy

Recommendations

A Data-driven Characterization of Modern Android Spyware

According to Nokia’s 2017 Threat Intelligence Report, 68.5% of malware targets the Android platform; Windows is second with 28%, followed by iOS and other platforms with 3.5%. The Android spyware family UAPUSH was responsible for the most infections, ...
Read More
Panorama: capturing system-wide information flow for malware detection and analysis
CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

Malicious programs spy on users' behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and ...
Read More
SmartSiren: virus detection and alert for smartphones
MobiSys '07: Proceedings of the 5th international conference on Mobile systems, applications and services

Smartphones have recently become increasingly popular because they provide "all-in-one" convenience by integrating traditional mobile phones with handheld computing devices. However, the flexibility of running third-party softwares also leaves the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
WiSec '09: Proceedings of the second ACM conference on Wireless network security
March 2009
280 pages
ISBN:9781605584607
DOI:10.1145/1514274
General Chair:
David Basin
ETH Zurich, Switzerland
,
Program Chairs:
Srdjan Capkun
ETH Zurich, Switzerland
,
Wenke Lee
Georgia Tech, USA
Copyright © 2009 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 16 March 2009
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
3g smartphones
privacy
security
spyware
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate98of338submissions,29%
Upcoming Conference
WiSec '24

Sponsor:

sigsac

17th ACM Conference on Security and Privacy in Wireless and Mobile Networks

May 27 - 30, 2024

Seoul , Republic of Korea
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 79
  Total Citations
  View Citations
- 915
  Total Downloads
- Downloads (Last 12 months)10
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Stealthy video capturer: a new video-based spyware in 3G smartphones

WiSec '09: Proceedings of the second ACM conference on Wireless network security

ABSTRACT

References

Cited By

Recommendations

A Data-driven Characterization of Modern Android Spyware

Panorama: capturing system-wide information flow for malware detection and analysis

SmartSiren: virus detection and alert for smartphones