Transparent Botnet Command and Control for Smartphones over SMS

BSidesLV 2011

Presented by: Georgia Weidman
Date: Thursday August 04, 2011
Time: 11:30 - 12:30
Location: Track 2
Track: Track 2

As smartphones become increasingly ubiquitous and powerful, they become appealing targets for botnet infections. Many of the top selling smartphone platforms are built on common PC operating systems. This makes the transition from developing PC based malware to smartphone based malware nearly trivial. Smartphone malware and specifically botnets have been seen both in security research and in the wild. The GSM modem can be viewed as a public IP address without filtering or firewall capabilities. The presentation shows an example of a smartphone botnet that is controlled over the GSM function SMS. The presented system works at the base operating system below the application layer, resulting in transparency to the user. Details of the system are discussed with particular interest on cryptography and security concerns. Never before seen payload demos will be shown on multiple platforms and iPhone proof of concept code will be released.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats