Short Message Service (SMS) Command and Control (C2) Awareness in Android-based Smartphones Using Kernel-Level Auditing
Abstract
This thesis addresses the emerging threat of botnets in the smartphone domain and focuses on the Android platform and botnets using short message service (SMS) as the command and control (C2) channel. With any botnet, C2 is the most important component contributing to its overall resilience, stealthiness, and e ectiveness. This thesis develops a passive host-based approach for identifying covert SMS tra c and providing awareness to the user. Modifying the kernel and implementing this awareness mechanism is achieved by developing and inserting a loadable kernel module that logs all inbound SMS messages as they are sent from the baseband radio to the application processor. The design is successfully implemented on an HTC Nexus One Android smartphone and validated with tests using an Android SMS bot from the literature. The module successfully logs all messages including bot messages that are hidden from user applications. Suspicious messages are then identified by comparing the SMS application message list with the kernel log's list of events. This approach lays the groundwork for future host-based countermeasures for smartphone botnets and SMS-based botnets.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 14, 2012
- Accession Number
- ADA562722
Entities
People
- Robert J. Olipane
Organizations
- Air Force Institute of Technology