Researchers create DIY IDS for identifying hacked smartphones
Posted on 06 August 2013.
A group of researchers from LMG Security has leveraged a Verizon Samsung femtocell - a small cellular station for extending cell phone coverage range indoors or at the cell edge - to create a relatively cheap cellular intrusion detection system that enables enterprises and private individuals to test their or their employees' smartphones for malware.


"Everyday security professionals and researchers do not have access to inspect cellular network traffic, and therefore cannot detect or respond to mobile malware by deploying network monitoring and intrusion prevention/detection systems, which are commonly used in wireless and Ethernet LANs," the researchers explained in a white paper.

"Recently, mobile device management (MDM) solutions have grown in popularity, but these solutions are expensive and require control over endpoint devices (especially impractical in BYOD environments)."

Their solution is much cheaper, and involves the aforementioned femtocell and a Linux-based Snort server through which the traffic to and from the phone is redirected. All in all, they spent less than $300 to set the system up.

In order to test the effectiveness of the setup, they infected a smartphone with the Stels Android Trojan, and have developed custom-written Snort rules to detect it.
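To illustrate the kind of signature such a setup relies on, here is an added example of a Snort rule in the style the researchers describe; it is not one of LMG Security's rules from the white paper. It assumes a `$PHONE_NET` variable defined in snort.conf for the subnet the femtocell hands to attached handsets, and the Host header value and URI path are placeholders, not real Stels indicators; the idea is that once the femtocell forces the handset's traffic through the Snort box, a C&C check-in becomes ordinary HTTP that a content rule can flag.

```snort
# Added example, not the researchers' rule set.
# $PHONE_NET is assumed to be the femtocell client subnet (set it in snort.conf);
# $EXTERNAL_NET and $HTTP_PORTS are the standard snort.conf variables.
# "c2.example.invalid" and "/example-checkin/" are placeholders standing in for
# whatever host and path a given trojan actually beacons to.
alert tcp $PHONE_NET any -> $EXTERNAL_NET $HTTP_PORTS ( \
    msg:"MOBILE-MALWARE example Android trojan C&C check-in (placeholder indicators)"; \
    flow:to_server,established; \
    content:"POST"; http_method; \
    content:"/example-checkin/"; http_uri; nocase; \
    content:"Host|3A| c2.example.invalid"; http_header; nocase; \
    classtype:trojan-activity; \
    sid:1000001; rev:1; \
)
```

The rule only fires on an established client-to-server connection, so it will not trigger on stray packets, and the `sid` sits in the local range (1,000,000 and up) reserved for site-written rules. Replacing the placeholder host and path with indicators taken from the malware sample under test, as the researchers did for Stels, is what turns this template into a working detection.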

"Hacked mobile devices pose extreme risks to confidentiality and information security. Smartphones are carried everywhere: throughout corporations, government agencies, and our nation's critical infrastructure. Infected mobile devices can intercept text messages, capture location and usage data, and even record surrounding audio," they pointed out, and said that their goal was to "reverse a critical asymmetry between attack and defense capabilities, and give defenders tools for detecting and preventing mobile malware cheaply and effectively."

They successfully proved - and demonstrated last week at the Black Hat and Def Con conferences in Las Vegas - that their setup can detect the infection and monitor, stop and alter the data that the infected cell phone sends to the C&C server.

They have also helpfully shared (under a GPL license) the source code that allowed them to do all that, as well as the step-by-step details of their research in a white paper.








