fm 99.9, radio virus: exploiting fm radio broadcasts for malware deployment
DESCRIPTION
FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment. E. Fernandes , B. Crispo , M. Conti IEEE Transactions on Information Forensics and Security 8(6): 1027-1037 (2013). Take Home Message. New attack vector with interesting features ...for attackers - PowerPoint PPT PresentationTRANSCRIPT
FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment
E. Fernandes, B. Crispo, M. ContiIEEE Transactions on Information Forensics and Security 8(6):
1027-1037 (2013)
Take Home Message
New attack vector with interesting features ...for attackers
Learning and exploiting security weakness of Android security model and its implementation
Inadequateness of existing mobile AV solutions
FM Radio
FM Radio Data System (RDS)
Baseband coding
1,187.5 bits per second on a 57 kHz subcarrier
Our FM Radio Attack
New attack vector: FM RDS broadcast channel
Exploiting vulnerability of Android and FM Radio API
Cross-device: Smartphone, Car Radio, USB token
Cost <500$ Antenna
RDS Encoder
Audio Signal
Transmitter Circuit
RS232 ControlReceiver Antenna
Attack
Actual AVs do not help
Antivirus Category Exploit Configuration Detected?
Norton Mobile Security Lite
Free GingerBreak Anti-Malware defense activated, Daily scan,SD Card scan
No
Lookout Security Free GingerBreak Daily scan, “security" activated, complete scan when malware was installed
No
AVG Antivirus Pro
Paid GingerBreak Full scan mode No
Kaspersky Mobile Security
Paid GingerBreak Full scan with malware existing in binary form in app directory, also Memory Scan while malware in main memory, with exploit in binary form in app directory
No
AVG Security Pro Paid GingerBreak Full scan mode No
Unique Features
Zero-fingerpring Attack
Broadcast
Geographic Attack
Can target a specific physical perimeter
Old Lessons Confirmed
One-fits-All paradygm is very bad for security
But good for interoperabiliy, time-to-market, ROI
Shortcuts to bypass the security model can only create problems
Difficult for a model to accomodate: openess, evolution and adaptation