Vegas 2011 Review: Transparent Botnet Command and Control for Smartphones over SMS

Conference: B-Sides
Title: Transparent Botnet Command and Control for Smartphones over SMS
Speaker: Georgia Weidman

The title actually says most of it.  SMS is used because it is easy to conceal the botnet.  Malware on phones often announces its presence by draining the battery and piggybacking into SMS packets solves that.  And SMS is fault tolerant.  It is within the protocol itself to resend the message if there is no acknowledgement.  The protocol extends to the hacker the courtesy of persistently communicating the attack to its destination.  The balance of the talk encompassed the technical details of what an SMS packet looks like and how you craft the attack.

Summary:  this talk provided good general security knowledge.  I’m not sure if we (NTO) will ever scan smartphones.  That is an interesting business prospect though… I have never heard of a smartphone app scanner… one targeted specifically to phone apps.

Last updated by at .

About M. J. Power

M.J. Power aka Mike Morton is a Founder & the Lead Developer at NT OBJECTives. He has considerable experience in software architecture including web applications, database, and Windows applications using C++, COM, C#/.NET and related software technologies. His software experience includes such diverse applications as advertisement layout software, dialup internet protocols, memory management software, DNA sequencing, workforce management web applications, and security assessment software. Connect with Mike on Google+

Leave a Reply

Your email address will not be published. Required fields are marked *