Conference: B-Sides
Title: Transparent Botnet Command and Control for Smartphones over SMS
Speaker: Georgia Weidman
The title actually says most of it. SMS is used because it is easy to conceal the botnet. Malware on phones often announces its presence by draining the battery and piggybacking into SMS packets solves that. And SMS is fault tolerant. It is within the protocol itself to resend the message if there is no acknowledgement. The protocol extends to the hacker the courtesy of persistently communicating the attack to its destination. The balance of the talk encompassed the technical details of what an SMS packet looks like and how you craft the attack.
Summary: this talk provided good general security knowledge. I’m not sure if we (NTO) will ever scan smartphones. That is an interesting business prospect though… I have never heard of a smartphone app scanner… one targeted specifically to phone apps.
Leave a Reply