FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment E. Fernandes, B. Crispo, M. Conti IEEE Transactions on Information Forensics and Security 8(6): (2013)

Take Home Message  New attack vector with interesting features...for attackers  Learning and exploiting security weakness of Android security model and its implementation  Inadequateness of existing mobile AV solutions

FM Radio

FM Radio Data System (RDS) Baseband coding 1,187.5 bits per second on a 57 kHz subcarrier

Our FM Radio Attack  New attack vector: FM RDS broadcast channel  Exploiting vulnerability of Android and FM Radio API  Cross-device: Smartphone, Car Radio, USB token  Cost <500$ Antenna RDS Encoder Audio Signal Transmitter Circuit RS232 Control Receiver Antenna

Attack

Actual AVs do not help AntivirusCategoryExploitConfigurationDetected? Norton Mobile Security Lite FreeGingerBreakAnti-Malware defense activated, Daily scan, SD Card scan No Lookout SecurityFreeGingerBreakDaily scan, “security" activated, complete scan when malware was installed No AVG Antivirus Pro PaidGingerBreakFull scan modeNo Kaspersky Mobile Security PaidGingerBreakFull scan with malware existing in binary form in app directory, also Memory Scan while malware in main memory, with exploit in binary form in app directory No AVG Security ProPaidGingerBreakFull scan modeNo

Unique Features  Zero-fingerpring Attack  Broadcast  Geographic Attack  Can target a specific physical perimeter

Old Lessons Confirmed  One-fits-All paradygm is very bad for security  But good for interoperabiliy, time-to-market, ROI  Shortcuts to bypass the security model can only create problems  Difficult for a model to accomodate: openess, evolution and adaptation