
Stealthy Video Capturer: Video-based Spyware in 3G Smartphones Stefan Maurer Liz Ellis.


1 Stealthy Video Capturer: Video-based Spyware in 3G Smartphones Stefan Maurer Liz Ellis

2 Why secure Smartphones? Increasing public usage – More people buying and using Smartphones – (insert statistic here) Smartphones are incredibly mobile – Access to the most private moments – Intimate details about habits/lifestyle revealed

3 Introduction to SVC Allows hackers to have control of camera Records and sends video to a third party over an internet connection through the phone Three phases: – Install SVC without device owner’s knowledge – Collect video – Send files to hacker

4 Infection Trojan horse attached to tic-tac-toe game Binary executable file of SVC attached as resource file of game After compilation, creates executable codes of SVC When game is executed, SVC attaches itself independently and continues running even after game is closed.

5 Application Layer 3 modules Video capture – Takes charge of camera File sending – Sends data to hacker Triggering algorithm – Dynamic control module – Determines the right time to run other modules

6 “Stealthiness” and acquiring info Which is more important for the SVC intender? “Stealthiness” – term used by team – Device owner should not know program is running – Team focuses on this – 3 aspects: power, CPU usage, and memory Information acquisition – Sometimes, more important to get all info than not get caught (crime scene/contracts signed) Scenario decides triggering algorithm!

7 Triggering Algorithm 2 parts: capture and sending Should change based on practical application! Main challenge: when to capture/send? CeSetUserNotificationEx() – Allows spyware to record even when phone is idle Uses Windows Mobile API to gather more info – Power, CPU status, phone dialing, etc. – Device owner should have little suspicion

8 SVC Architecture

9 When to Capture/Send? Both use specifications from API Examples: – Power level between 20%-80% – CPU usage should be no more than 50% – Device owner talking on phone: capture – Connection to internet (WiFi/Bluetooth): sending If there is knowledge about victim, can use living habits to determine when to record – Ex: businessman having important weekly conference

10 Video Capture Module Called by triggering algorithm Phases: – Open camera and take video – Determine whether images are static or dynamic – If dynamic images, compress and store If images are static, process terminates – Pictures of inside of pocket are not useful Files are hidden on the disk in hidden and unused folders

11 Video Capture Flow

12 How to Access Camera Native API has little customizability – Can access camera, but no flexibility (frame rate, file format, etc.) Access and build filter manually with software Several COM controllers developed – Enable modifications of encoding and file formats – Video Encoder and Custom Format File Render

13 Data Compression Data compression: large files are easy to detect and hard to send H.263 is used to compress files – Many Smartphones use hardware for compression, which is inaccessible – Software compression is used instead – Lower compression rate but fewer CPU cycles than H.264

14 File Sending Need a wireless connection – WiFi / Internet – Bluetooth – 3G Network Some delay between capture and sending is acceptable (real-time not mandatory) Use transmissions that are free of charge (unlike MMS) Several methods considered: MMS, FTP, streaming

15 File Sending cont. Prefer ability to use any wireless connections Video files are generally large – Segment into portions, and send individually Email is ideal – easily customizable, free, uniformly supported, flexible in syntax/size

16 Results O2 XDA Flame chosen for testing – Windows Mobile 5.0 OS Evaluation of stealthiness – CPU, memory, and power consumption Four states – J1: SVC running with backlight off – J2: Camera operational, but not recording – J3: Recording Video and compression – J4: Sending File to the intended viewer

17 Power/CPU Consumption

18 Results cont. Memory usage is almost constant – SVC uses less than WMP (relevance?) J3 uses a large amount of power and CPU Due primarily to the complexities of the compression algorithm Performance of SVC can be greatly improved using a better compression algorithm
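From the defender's side, the states on slides 16-18 suggest what to look for in device telemetry: a camera in use with nothing on screen, a CPU spike from software encoding, then a run of similar-sized mail transfers. The following sketch is an added example, not code from the presentation or the paper; the `Sample` fields, the thresholds and the trace are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:                      # one telemetry interval (hypothetical schema)
    t: int                         # seconds since start of trace
    backlight_on: bool
    camera_open: bool
    foreground: str                # application in the foreground
    cpu_pct: float
    smtp_bytes: int                # bytes sent to mail servers in the interval

CAMERA_APPS = {"Camera"}           # apps the owner records with (assumed)

def covert_capture(samples, cpu_floor=50.0):
    """Times the camera runs with the screen off or no camera app in front.
    High CPU at the same moment suggests software video encoding (state J3)."""
    hits = []
    for s in samples:
        hidden = not s.backlight_on or s.foreground not in CAMERA_APPS
        if s.camera_open and hidden:
            label = "encoding" if s.cpu_pct >= cpu_floor else "camera-open"
            hits.append((s.t, label))
    return hits

def segmented_upload(samples, min_segments=3, tolerance=0.10):
    """Runs of back-to-back mail transfers of near-equal size (state J4)."""
    runs, run = [], []
    for s in (x for x in samples if x.smtp_bytes > 0):
        if run and abs(s.smtp_bytes - run[0].smtp_bytes) > tolerance * run[0].smtp_bytes:
            if len(run) >= min_segments:
                runs.append((run[0].t, run[-1].t, len(run)))
            run = []
        run.append(s)
    if len(run) >= min_segments:
        runs.append((run[0].t, run[-1].t, len(run)))
    return runs

# Constructed trace, not measurements from the paper.
TRACE = [
    Sample(60, True, True, "Camera", 40, 0),      # owner filming: not flagged
    Sample(120, False, True, "Phone", 12, 0),     # camera open, screen off
    Sample(180, False, True, "Phone", 78, 0),     # same, with heavy CPU
    Sample(300, False, False, "Home", 9, 512000),
    Sample(360, False, False, "Home", 9, 511200),
    Sample(420, False, False, "Home", 8, 512400),
    Sample(480, False, False, "Home", 8, 130000), # short final segment
]

print(covert_capture(TRACE), segmented_upload(TRACE))
```

The short final segment breaks the size run, so only the three full-size transfers are reported as one upload.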

19 Authors' Opinions Making SVC smarter – More intelligent triggering algorithm Monitor user's living patterns – Exploit image recognition to capture video Resistant to Anti-Virus – AV is useless against new viruses/spyware Security of Phones – Low default security settings on smartphones – Biggest Vulnerability: People are stupid

20 Our Opinions Windows Media Player? What if the user does not use WiFi/Bluetooth frequently? CPU consumption of J3 When does J4 send the files? – Large CPU consumption

21 Work Cited Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D., and Teng, J. 2009. Stealthy video capturer: a new video-based spyware in 3G smartphones. In Proceedings of the Second ACM Conference on Wireless Network Security (Zurich, Switzerland, March 16-19, 2009). WiSec '09. ACM, New York, NY, 69-78.

