PPCGeeks Forums HTC Arrive HTC HD2 HTC Thunderbolt HTC Touch Pro 2 HTC Evo 4G HTC Evo 3D Samsung Galaxy S II Motorola Droid X Apple iPhone Blackberry
Go Back   PPCGeeks > Windows Mobile > General Windows Mobile Discussions


LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-04-2010, 10:18 AM
tsowen's Avatar
Retired Staff
Pocket PC: Samsung Galaxy S ll, Epic 4G Touch
Carrier: Sprint
Location: San Antonio
Join Date: Mar 2007
Posts: 4,849
Reputation: 78880
tsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation level
Mentioned: 8 Post(s)
Tagged: 1 Thread(s)
Send a message via ICQ to tsowen Send a message via MSN to tsowen Send a message via Skype™ to tsowen
iBots? Mobile phone network 0wnage

Good article for reading TrustedSource - Blog - iBots? Mobile phone network 0wnage

iBots? Mobile phone network 0wnage

October 28th, 2010
Posted by Jimmy Shah

Some of the most interesting research on mobile botnets is being done in the lab. Security researchers Collin Mulliner and Jean Pierre Seifert have put together a robust Proof-of-Concept (PoC) iPhone botnet.
Their research was presented at the 5th International Conference on Malicious and Unwanted Software (MALWARE 2010) last week. In a presentation titled “Rise of the iBots: 0wning a telco network”, Mulliner/Seifert look into various methods of establishing command and control (C&C) of a botnet over a mobile telephone company’s network. Very timely, I added an overview of the research to my talk on Saturday at Toorcon.
The researchers didn’t implement any spreading functionality so that there was no risk of the botnet escaping the lab. They instead concentrated on seeing which communication methods were best for maintaining a distributed computing network (like a botnet); SMS, http, or P2P. Unlike general PC security researchers, these two have experience in the challenges and issues involved in developing for low powered, limited CPU/RAM devices with inconsistent network connectivity(EDGE, 3G, WiFi, etc.).
The SMS method, using text messages to send commands to the bots, is commonly used by other mobile spyware and botnets. The more advanced malware will also intercept and delete any command SMS messages, so that the user never suspects that they’re infected. Mulliner has previous experience with SMS interception, having presented his research on the topic at the Black Hat USA security conference in 2009.
Instead of using straightforward text-based SMS messages like with other mobile malware, they use binary mode SMS. These are not system SMS messages or “flash” SMS messages that don’t leave a trail in the inbox. They’re just SMS messages with about 140 bytes. Sending in binary lets them encode commands in less space and also helps to make the C&C messages harder to detect. They also determined that in addition to SMS, using a combination of P2P and http protocols could increase the robustness of the botnet.
There’s a joke amongst malware researchers that sometimes it feels like we’re doing QA for the malware authors; calling them out on their bad code. Malware authors aren’t generally known for following secure development or software testing processes. Occasionally it takes a professional developer/researcher to do it right. Mulliner’s research from Black Hat involved fuzzing SMS handlers, so it was amusing to see that they actually fuzzed their botnet’s SMS command handling code. I guess when you’re getting ready to take over your telephone company’s network, you can’t have your botnet fail just because it gets a malformed command SMS.
Since they used binary SMS messages, the botnet commands aren’t as easy to decode as a plain text protocol. The table below shows the breakdown of a command SMS. Mulliner/Seifert were careful in designing their communication protocol to insure that it was safe from replay attacks(responding only to packets with sequence numbers greater than the last command) or hijacking through command emulation(encrypting and digitally signing command messages).

Fig 1 - Binary command SMS messages are broken down into a few parts. Each command SMS is digitally signed to prevent hijacking of the botnet. The sequence number helps to prevent a replay attack. All packets can also be optionally encrypted to further evade detection.

Below is a breakdown of the commands they implemented:

Fig 2 - A human-readable list of the binary commands used in the botnet. Running a command can be used to DDOS a website.

After seeing an attempt at a stable, fault resistant, mobile botnet, one might wonder how to protect against such a threat. On that note, we may actually be better off taking a page from Mulliner and Seifert’s presentation:
“Mobile telcos need to think about monitoring and fighting SMS-based botnets”.
This works for threats on the network. On the individual level there are still a few ways to shut the door on attackers:
  • Install the latest official OS/firmware patches for your smartphone
  • Avoid pirated software or software from untrusted sources

Last edited by tsowen; 11-04-2010 at 10:30 AM.
Reply With Quote

  PPCGeeks > Windows Mobile > General Windows Mobile Discussions

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

All times are GMT -4. The time now is 11:16 PM.

Powered by vBulletin® ©2000 - 2020, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0
©2012 - PPCGeeks.com