Android - On-device detection of SMS catchers and sniffers

With 6.1 trillion text messages sent in 2010 alone, short message service (SMS) is still one of the most popular mobile communication services. Due to its continuing popularity, SMS technology is nowadays used in various fields of application. This also includes security-sensitive fields such as e-banking, or e-government. In these fields, SMS technology is for instance employed to authorize financial transactions or the creation of qualified electronic signatures. Modern smartphone platforms such as Google Android provide application developers with the means to include SMS functionality. This can be beneficial in most cases but also facilitates the implementation of malware that is able to send and receive SMS messages unnoticed by the legitimate end user. In this context, SMS sniffers and SMS catchers have recently attracted attention. This kind of malware intercepts incoming SMS messages either to spy on security-sensitive data transmitted via SMS or to receive SMS-based malware control commands. For security-sensitive SMS-based applications, SMS catchers pose a serious threat. A recent attack on SMS-based e-banking systems has employed SMS catchers on smartphones to steal 36.000.000 Euro from corporate and private bank accounts in Europe. Unfortunately, security software for smartphones is still in the fledging stages and current solutions are not able to reliably detect SMS catchers. To overcome this problem, we introduce different methods to detect SMS sniffers and SMS catchers on smartphones. We discuss benefits and limitations of the proposed methods and show how these methods can be assembled to a comprehensive detection workflow for SMS-based malware. By providing means to detect SMS catchers and sniffers on smartphones, our work contributes to the security of current and future SMS-based applications.