UAB - The University of Alabama at Birmingham

↑ Return to Research

Mobile Malware

Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices

The proliferation of mobile computing devices has enabled immense opportunities for everyday users. At the same time, however, this has opened up new, and per- haps more severe, possibilites for attacks. In this project, we explore a novel generation of mobile malware called the Manchurian Malware. It exploits the rich variety of sensors available on current mobile devices.

  

Two properties distinguish the proposed malware from the existing state-of-the-art. First, in addition to the misuse of the various traditional services available on modern mobile devices, this malware can be used for the purpose of targeted context-aware attacks.Second such a malware can be commanded and controlled over context-aware, out-of-band channels as opposed to a centralized infrastructure. These communication channels can be used to reach out to a large number of infected devices, while remaining covert. To demonstrate the feasibility of the Manchurian Malware, we have designed different flavors of command and control channels based on acoustic, visual and magnetic signalling. We further built a proof-of- concept Android application implementing many such channels.

This is a joint project led by Dr. Ragib Hasan of UAB SECRETLab and Dr. Nitesh Saxena of SPIES Lab.

People

Ragib Hasan – Faculty, University of Alabama at Birmingham
Nitesh Saxena – Faculty, University of Alabama at Birmingham
Tzipora Halevi – Postdoc, Polytechnic Institute of NYU
Shams Zawoad – PhD Student, University of Alabama at Birmingham
Dustin Rinehart – MS Student, University of Alabama at Birmingham

Publication

Ragib Hasan, Nitesh Saxena, Tzipora Halevi, Shams Zawoad, and Dustin Rinehart, “Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices”, In Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2013. (Acceptance rate: 16.2%). [pdf]

Contact Information

Phone: 205.934.8643
Email: ragib [at] cis.uab dot edu

Television Media

MSN News - May 29,2013
AT&T Tech Channel - May 21,2013
FOX6 News - May 19,2013

Other Media

Mobile Security - June 10,2013
Thawte - June 9,2013
Go Articles - June 6,2013
Technology News Hub - June 4,2013
MySec (Hungary) - June 4,2013
InfoSec - June 4,2013
Straits Times (Singapore) – June 4,2013
XDA Developers - June 4,2013
ABC (In Spanish) – June 4,2013
Security Week - June 3,2013
CRN (Australia) – June 3,2013
The H Security – June 3,2013
IT Secure Site – June 3,2013
Bit Rebels – June 3,2013
WAZ (In German) - June 3,2013
News4u - June 2,2013
Mocana - June 1,2013
Discovery News - May 31,2013
SC Magazine – May 31,2013
TechOnTheGo – May 31,2013
PCWelt (In German) – May 31,2013
CanalTech (In Portuguese) – May 31,2013
IT Business Edge – May 30,2013
The Hacker News - May 30,2013
IT Business Edge – May 30,2013
Windows Club News - May 30,2013
Security Bistro - May 30,2013
VR Zone - May 30,2013
Computer World – May 29,2013
GMA News – May 29,2013
We Live Security – May 29,2013
V3 – May 29,2013
Symantec – May 29,2013
Hacker Medicine – May 29,2013
The Register – May 28,2013
POPSCI May 28,2013
Threat Post – May 28,2013
The Money Times – May 28,2013
News USA – May 28,2013
News4u – May 28,2013
Technology Bytez – May 28,2013
Net Security – May 28,2013
Silicon India News – May 28,2013
Hot for Security – May 28,2013
SecurEncrypt – May 28,2013
EFY Times - May 28,2013
Tech2 – May 28,2013
Now The Latest – May 28,2013
CXO Pulse – May 28,2013
Hacking Expose – May 28,2013
Mobile Health Sense - May 28,2013
Yahoo News - May 27,2013
Zee News - May 27,2013
Tuscaloosa Times – May 27,2013
The Financial Express - May 27,2013
Phoenix Herald – May 27,2013
The Times of India – May 27,2013
Hindustan Times – May 27,2013
Think Digit – May 27,2013
The Economic Times – May 27,2013
Birmingham Star – May 27,2013
Appthority May 24,2013
ACM TechNews – May 22,2013
Birmingham Business Journal – May 21,2013
SC Magazine – May 20,2013
Slashdot – May 20,2013
NBC News – May 20,2013
TechNews Daily – May 20,2013
Game Hacking – May 20,2013
PC PRO – May 17,2013
Phys.org – May 16,2013
UAB News – May 16,2013