Short Message Service (SMS) Command and Control (C2) Awareness in Android-based Smartphones Using Kernel-Level Auditing
AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT
This thesis addresses the emerging threat of botnets in the smartphone domain and focuses on the Android platform and botnets using short message service (SMS) as the command and control (C2) channel. With any botnet, C2 is the most important component contributing to its overall resilience, stealthiness, and effectiveness. This thesis develops a passive host-based approach for identifying covert SMS traffic and providing awareness to the user. Modifying the kernel and implementing this awareness mechanism is achieved by developing and inserting a loadable kernel module that logs all inbound SMS messages as they are sent from the baseband radio to the application processor. The design is successfully implemented on an HTC Nexus One Android smartphone and validated with tests using an Android SMS bot from the literature. The module successfully logs all messages, including bot messages that are hidden from user applications. Suspicious messages are then identified by comparing the SMS application message list with the kernel log's list of events. This approach lays the groundwork for future host-based countermeasures for smartphone botnets and SMS-based botnets.
- Non-Radio Communications