Rootkits on Smart Phones: Attacks, Implications and Opportunities


Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department of Computer Science, Rutgers University

Rise of the Smart Phone (HotMobile, 2/23/2010)

Rise of the Smart Phone: 1993, Simon: calendar, address book, touch screen, on-screen "predictive" keyboard

Rise of the Smart Phone: Symbian OS, Ericsson R380

Rise of the Smart Phone: Blackberry, Windows Pocket PC, Treo; Treo 180, BlackBerry 5810

Rise of the Smart Phone: iPhone

Rise of the Smart Phone: iPhone 3G/3GS, Android, App Stores

Smart Phone Users

Smart Phone Interfaces: A rich set of interfaces is now available: GSM, GPS, Bluetooth, Accelerometer, Microphone, Camera

Smart Phone Apps: Contacts, Location, Banking. Over 140,000 apps today

Smart Phone Operating Systems
OS                  Lines of Code
Linux 2.6 Kernel    10 million
Android             20 million
Symbian             20 million
Complexity comparable to desktops

The Rise of Mobile Malware: 2004, Cabir: spreads via Bluetooth, drains battery. "Receive message via Bluetooth?" Yes / No

The Rise of Mobile Malware: 2004; 2006, RedBrowser: first J2ME malware, sends texts to premium numbers

The Rise of Mobile Malware: 2004; Kaspersky Labs report: 106 types of mobile malware, 514 modifications

The Rise of Mobile Malware: “My iPhone is not jailbroken and it is running iPhone OS 3.0”

Contributions: Introduce rootkits into the space of mobile malware; Demonstrate with three proof-of-concept rootkits; Explore the design space for detection

Rootkits [Figure labels: App, User Space, Kernel Space, Libraries, Kernel Code, System Call Table, Drivers, Process Lists, Virus, Anti Virus]

Rootkits [Figure labels: App, User Space, Kernel Space, Libraries, Kernel Code, System Call Table, Drivers, Process Lists, Anti Virus, Rootkit, Virus]

Proof of Concept Rootkits: 1. Conversation Snooping Attack 2. Location Attack 3. Battery Depletion Attack. Openmoko Freerunner. Note: We did not exploit vulnerabilities

Conversation Snooping Attack [Diagram labels: Attacker, Send SMS, Rootkit Infected, Dial me “ ”, Call Attacker, Turn on Mic, Delete SMS] Rootkit stops if user tries to dial

Conversation Snooping Attack [Diagram labels: Attacker, Rootkit Infected, Call Attacker, Turn on Mic, Calendar Notification]

2. Location Attack [Diagram labels: Attacker, Send SMS, Rootkit Infected, Send Location “ ”, Query GPS, N40°28', W074°26, SMS Response, Delete SMS]

3. Battery Depletion Attack: Rootkit turns on high powered devices; Rootkit shows original device status

Rootkit Detection [Figure labels: App, User Space, Kernel Space, Libraries, Kernel Code, System Call Table, Drivers, Process Lists, Rootkit Detector, Rootkit] DOES NOT WORK!

Memory Introspection, Training Phase [Figure labels: Monitor Machine, Target Machine, Kernel, Sys Call Table, Monitor, Fetch and Copy]

Memory Introspection, Detection Phase [Figure labels: Monitor Machine, Target Machine, Kernel, Monitor, Fetch, Compare, System OK]

Memory Introspection, Detection Phase [Figure labels: Monitor Machine, Target Machine, Kernel, Monitor, Fetch, Compare, Rootkit Detected, Rootkit, mal_write()]

Monitoring Approaches: 1. Hardware Approach [Figure labels: Monitor Machine, Target Machine, Rootkit Infected] NIC with remote DMA support

Smart Phone Challenge [Figure labels: Monitor Machine, Rootkit Infected] Problem: Need interface allowing memory access without OS intervention (FireWire?)

Monitoring Approaches: 2. VMM-based Approach [Figure labels: Host Machine, Hypervisor, Dom0, OS, Detector]

Smart Phone Challenge. Problem: CPU-intensive detection algorithms exhaust phone battery. Solution: Offload detection work to the service provider. [Figure labels: Send Pages, Response, CPU intensive work]

Optimizations for Energy-Efficiency [Figure labels: Page Table, Monitor, Fetch] Problem: Too many memory pages may have to be transferred

Optimizations for Energy-Efficiency [Figure labels: Page Table, Monitor, 1, 1, Fetch] Solution: Only fetch and scan pages that have been recently modified
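
The training and detection phases of memory introspection, combined with the "only fetch modified pages" optimization, as an added example that is not from the slides. It is a constructed in-process simulation: `target_t`, `monitor_t`, the handler stubs and all function names are hypothetical, and the modified bits are set in software instead of being read from a real page table.

```c
#include <stdio.h>
#include <string.h>
enum { NPAGES = 4, SLOTS = 4 };  /* constructed toy layout: 4 pages of 4 slots */
typedef long (*syscall_fn)(void);
static long sys_generic(void) { return 0; }
static long sys_write(void)   { return 1; }
static long mal_write(void)   { return -1; }  /* stand-in for the hooked handler */

typedef struct {                      /* target machine */
    syscall_fn table[NPAGES][SLOTS];  /* system call table */
    unsigned char dirty[NPAGES];      /* page-table "modified" bits */
} target_t;
typedef struct {                      /* monitor machine */
    syscall_fn baseline[NPAGES][SLOTS];
    unsigned fetched;                 /* pages transferred during detection */
} monitor_t;
static void target_store(target_t *t, int p, int s, syscall_fn fn) {
    t->table[p][s] = fn;
    t->dirty[p] = 1;                  /* set on any store, as the MMU would */
}
static void target_init(target_t *t) {
    for (int i = 0; i < NPAGES * SLOTS; i++)
        target_store(t, i / SLOTS, i % SLOTS, sys_generic);
    target_store(t, 1, 0, sys_write);
}
/* Training phase: fetch and copy the table while the target is known good. */
static void monitor_train(monitor_t *m, target_t *t) {
    memcpy(m->baseline, t->table, sizeof m->baseline);
    memset(t->dirty, 0, sizeof t->dirty);
    m->fetched = 0;
}
/* Detection phase: fetch only modified pages; return how many differ. */
static int monitor_scan(monitor_t *m, target_t *t) {
    int altered = 0;
    for (int p = 0; p < NPAGES; p++) {
        if (!t->dirty[p]) continue;
        m->fetched++;
        t->dirty[p] = memcmp(t->table[p], m->baseline[p], sizeof t->table[p]) != 0;
        altered += t->dirty[p];       /* bit is cleared only if the page matches */
    }
    return altered;
}
int main(void) {
    target_t t; monitor_t m;
    target_init(&t); monitor_train(&m, &t);
    target_store(&t, 1, 0, mal_write); /* simulated hook of the write slot */
    printf("pages differing after hook: %d\n", monitor_scan(&m, &t));
    return 0;
}
```

A page that still differs from the baseline keeps its modified bit, so it is fetched and reported again on every later scan until it is restored.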

Related Work (1/2)
Rootkit Detection:
  Enforcement of Kernel Data Structure Invariants [Baliga, et al., ACSAC 2008]
  Virtual Machine Introspection [Garfinkel and Rosenblum, NDSS 2003]
Mobile Security and Detection:
  Semantically Rich Application-Centric Security in Android [Ongtang, et al., ACSAC 2009]
  Detecting Energy-Greedy Anomalies [Kim, et al., MobiSys 2008]

Related Work (2/2)
Mobile Malware:
  Cellular Botnets: Impact on Network Core [Traynor, et al., CCS 2009]
  Exploiting MMS Vulnerabilities to Exhaust Battery [Racic, et al., SecureComm 2006]
  Exploiting SMS-Capable Cellular Network [Enck, et al., CCS 2005]

Conclusion and Future Work
Conclusions: Rootkits are now a threat to smart phones
Future Work: Energy efficient rootkit detection techniques; Develop a rootkit detector for smart phone

Thank You!