Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.

Published byKennedy Birchett Modified over 10 years ago

Similar presentations

Presentation on theme: "Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department."— Presentation transcript:

1 Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department of Computer Science, Rutgers University

2 Rise of the Smart Phone HotMobile 2/23/20102

3 Rise of the Smart Phone 1993 calendar, address book, e-mail touch screen on-screen "predictive" keyboard Simon HotMobile 2/23/20102

4 Rise of the Smart Phone 19932000 Symbian OS Ericsson R380 HotMobile 2/23/20102

5 Rise of the Smart Phone 199320002002 Blackberry Windows Pocket PC Treo Treo 180 BlackBerry 5810 HotMobile 2/23/20102

6 Rise of the Smart Phone 1993200020022007 iPhone HotMobile 2/23/20102

7 Rise of the Smart Phone 19932000200220072008 iPhone 3G/3GS Android App Stores HotMobile 2/23/20102

8 3 Smart Phone Users

9 HotMobile 2/23/20104 Smart Phone Interfaces A rich set of interfaces is now available GSM GPS Bluetooth AccelerometerMicrophoneCamera

10 HotMobile 2/23/20105 Smart Phone Apps Contacts Email Location Banking Over 140,000 apps today

11 Smart Phone Operating Systems OSLines of Code Linux 2.6 Kernel10 million Android20 million Symbian20 million Complexity comparable to desktops HotMobile 2/23/20106

12 7 The Rise of Mobile Malware 2004 Cabir spreads via Bluetooth drains battery Receive message via Bluetooth? Yes No

13 HotMobile 2/23/20107 The Rise of Mobile Malware 2004 first J2ME malware sends texts to premium numbers RedBrowser 2006

14 HotMobile 2/23/20107 The Rise of Mobile Malware 2004 Kaspersky Labs report: 106 types of mobile malware 514 modifications 20062009

15 HotMobile 2/23/20108 The Rise of Mobile Malware “My iPhone is not jailbroken and it is running iPhone OS 3.0”

16 HotMobile 2/23/20109 Contributions Introduce rootkits into the space of mobile malware Demonstrate with three proof-of concept rootkits Explore the design space for detection

17 HotMobile 2/23/201010 Rootkits App User Space Kernel Space Libraries Kernel Code System Call Table Drivers Process Lists Virus Anti Virus

18 HotMobile 2/23/201011 Rootkits App User Space Kernel Space Libraries Kernel Code System Call Table Drivers Process Lists Anti Virus Rootkit Virus

19 Proof of Concept Rootkits HotMobile 2/23/201012 Note: We did not exploit vulnerabilities 1. Conversation Snooping Attack 2. Location Attack 3. Battery Depletion Attack Openmoko Freerunner

20 HotMobile 2/23/201013 1. Conversation Snooping Attack Attacker Send SMS Rootkit Infected Dial me “666-6666” Call Attacker Turn on Mic Delete SMS Rootkit stops if user tries to dial

21 HotMobile 2/23/201014 1. Conversation Snooping Attack Attacker Rootkit Infected Call Attacker Turn on Mic Calendar Notification

22 Attacker Send SMS Rootkit Infected Send Location “666-6666” 2. Location Attack Query GPS HotMobile 2/23/201015 N40°28', W074°26 SMS Response Delete SMS

23 3. Battery Depletion Attack Rootkit turns on high powered devices Rootkit shows original device status HotMobile 2/23/201016 Attack :

24 HotMobile 2/23/201017 Rootkit Detection App User Space Kernel Space Libraries Kernel Code System Call Table Drivers Process Lists Rootkit Detector Rootkit DOES NOT WORK!

25 HotMobile 2/23/201018 Memory Introspection Kernel Sys Call Table Monitor Fetch and Copy Monitor MachineTarget Machine Training Phase

26 HotMobile 2/23/201019 Memory Introspection KernelMonitor Fetch Monitor MachineTarget Machine Compare System OK Detection Phase

27 HotMobile 2/23/201020 Memory Introspection KernelMonitor Fetch Monitor MachineTarget Machine Compare Rootkit Detected Rootkit mal_write() Detection Phase

28 HotMobile 2/23/201021 Monitoring Approaches 1. Hardware Approach Monitor MachineTarget Machine Rootkit Infected NIC with remote DMA support

29 Smart Phone Challenge Monitor MachineRootkit Infected HotMobile 2/23/201022 Problem: Need interface allowing memory access without OS intervention (FireWire?)

30 HotMobile 2/23/201023 Monitoring Approaches Host Machine Hypervisor Dom0OS 2. VMM-based Approach Detector

31 Smart Phone Challenge HotMobile 2/23/201024 Problem: CPU-intensive detection algorithms exhaust phone battery Solution: Offload detection work to the service provider Send Pages Response CPU intensive work

32 Optimizations for Energy-Efficiency HotMobile 2/23/201025 Page Table Monitor Fetch Problem: Too many memory pages may have to be transferred

33 Optimizations for Energy-Efficiency HotMobile 2/23/201026 Page Table 0 0 0 0 0 0 Monitor 1 1 Fetch Solution: Only fetch and scan pages that have been recently modified

34 HotMobile 2/23/201027 Related Work (1/2) Rootkit Detection Enforcement of Kernel Data Structure Invariants [Baliga, et al., ACSAC 2008] Virtual Machine Introspection [Garfinkel and Rosenblum, NDSS 2003] Mobile Security and Detection Semantically Rich Application-Centric Security in Android [Ongtang, et al., ACSAC 2009] Detecting Energy-Greedy Anomalies [Kim, et al., MobiSys 2008]

35 Related Work (2/2) Mobile Malware Cellular Botnets: Impact on Network Core [Traynor, et al., CCS 2009] Exploiting MMS Vulnerabilities to Exhaust Battery [Racic, et al., SecureComm 2006] Exploiting SMS-Capable Cellular Network [Enck, et al., CCS 2005] HotMobile 2/23/201028

36 Conclusion and Future Work Conclusions: Rootkits are now a threat to smart phones Future Work: Energy efficient rootkit detection techniques Develop a rootkit detector for smart phone HotMobile 2/23/201029

37 Thank You! HotMobile 2/23/201030

Download ppt "Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department."

Similar presentations

Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao.

Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao.
Operating System Structures

Operating System Structures
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Chap 2 System Structures.

Chap 2 System Structures.
Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.

Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.
University of Utah 1 Portable Computers Early -Osborne -Kaypro -Compaq

University of Utah 1 Portable Computers Early -Osborne -Kaypro -Compaq
Robin Estabrooks Computer Science 1631, Winter 2011.

Robin Estabrooks Computer Science 1631, Winter 2011.
Chan pak lim chau ho chit cheung tak ching yip pak ho g2

Chan pak lim chau ho chit cheung tak ching yip pak ho g2
Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.

Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
ANDROID OPERATING SYSTEM Guided By,Presented By, Ajay B.N Somashekar B.T Asst Professor MTech 2 nd Sem (CE)Dept of CS & E.

ANDROID OPERATING SYSTEM Guided By,Presented By, Ajay B.N Somashekar B.T Asst Professor MTech 2 nd Sem (CE)Dept of CS & E.
The Topic : The Difference Between The Blackberry And The IPhone Week 6 HomeWork.

The Topic : The Difference Between The Blackberry And The IPhone Week 6 HomeWork.
Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:

Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
Android Wentworth Institute of Technology Elec101 07/08 Douglas A. Arevalo-Santos.

Android Wentworth Institute of Technology Elec101 07/08 Douglas A. Arevalo-Santos.
Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.

Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
V.04022012 | © OverDrive, Inc. 2012 | Page 1 User Experience: Library eBooks for Kindle.

V | © OverDrive, Inc | Page 1 User Experience: Library eBooks for Kindle.

Similar presentations

Ads by Google