FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment

E. Fernandes, B. Crispo, M. ContiIEEE Transactions on Information Forensics and Security 8(6):

1027-1037 (2013)

Take Home Message

New attack vector with interesting features ...for attackers

Learning and exploiting security weakness of Android security model and its implementation

Inadequateness of existing mobile AV solutions

FM Radio

FM Radio Data System (RDS)

Baseband coding

1,187.5 bits per second on a 57 kHz subcarrier

Our FM Radio Attack

New attack vector: FM RDS broadcast channel

Exploiting vulnerability of Android and FM Radio API

Cross-device: Smartphone, Car Radio, USB token

Cost <500$ Antenna

RDS Encoder

Audio Signal

Transmitter Circuit

RS232 ControlReceiver Antenna

Attack

Actual AVs do not help

Antivirus Category Exploit Configuration Detected?

Norton Mobile Security Lite

Free GingerBreak Anti-Malware defense activated, Daily scan,SD Card scan

No

Lookout Security Free GingerBreak Daily scan, “security" activated, complete scan when malware was installed

No

AVG Antivirus Pro

Paid GingerBreak Full scan mode No

Kaspersky Mobile Security

Paid GingerBreak Full scan with malware existing in binary form in app directory, also Memory Scan while malware in main memory, with exploit in binary form in app directory

No

AVG Security Pro Paid GingerBreak Full scan mode No

Unique Features

Zero-fingerpring Attack

Broadcast

Geographic Attack

Can target a specific physical perimeter

Old Lessons Confirmed

One-fits-All paradygm is very bad for security

But good for interoperabiliy, time-to-market, ROI

Shortcuts to bypass the security model can only create problems

Difficult for a model to accomodate: openess, evolution and adaptation