Title :
Attacking the baseband modem of mobile phones to breach the users´ privacy and network security
Author :
Xenakis, Christos ; Ntantogian, Christoforos
Author_Institution :
Dept. of Digital Syst., Univ. of Piraeus, Greece
Abstract :
As people are using their smartphones more frequently, cyber criminals are focusing their efforts on infecting smartphones rather than computers. This paper presents the design and implementation of a new type of mobile malware, named (U)SimMonitor for Android and iPhone devices, which attacks the baseband modem of mobile phones. In particular, the mobile malware is capable of stealing security credentials and sensitive information of the cellular technology including permanent and temporary identities, encryption keys and location of users. The developed malware operates in the background in a stealthy manner without disrupting the normal operation of the phone. We elaborate on the software architecture of (U)SimMonitor and provide implementation details for the specific AT commands used by the malware. We analyse the security impacts of (U)SimMonitor malware and we show that it can entirely breach the privacy of mobile users and the security of cellular networks. In particular, a mobile user with an infected phone can be identified and all his/her movements can be tracked. Moreover, all his/her encrypted phone calls and data sessions can be disclosed.
Keywords :
computer network security; data privacy; invasive software; mobile radio; smart phones; Android devices; SimMonitor malware; baseband modem; cyber criminals; iPhone devices; mobile malware; mobile phones; network security; smartphones; software architecture; user privacy; Malware; Mobile communication; Mobile computing; Modems; Smart phones; AT commands; android; iPhone; mobile malware; mobile networks;
Conference_Titel :
Cyber Conflict: Architectures in Cyberspace (CyCon), 2015 7th International Conference on
Conference_Location :
Tallinn
Print_ISBN :
978-9-9499-5442-1
DOI :
10.1109/CYCON.2015.7158480
