Saturday, April 04, 2015

Android Botnet for SMS

Another area where SMS text messages may not have received as much scrutiny is messages sent by mobile botnets. If I may, I will re-emphasise the following point: the purpose of the discussions here and below is not to criticise the tools or processes used to extract, harvest and/or treat recovered data, but to stress that data analysis is still required and cannot be rushed. If the examiner doesn't perform the analysis task, is the officer or investigator (who may have considerably less experience) left to perform that role?

To avoid confusion, a starting point for what is meant by a botnet is required. One contribution is this introduction to botnets: https://www.usenix.org/legacy/event/leet11/tech/slides/xiang.pdf

The video below shows how one hacker, Georgia Weidman (2011), developed an Android smartphone botnet to send SMS text messages.

A brief description of the code (botPoCrelease-android.c), which uses the smartphone to spawn messages through a Master/Slave/Target combination that hides the identity of the Master from the Slave:

==============================================================
Compile with arm-gcc with the -static flag set
Copy to anywhere on the underlying OS that is writable (/data/ is good).
Rename /dev/smd0/ to /dev/smd0real/
Start the bot application
Kill the radio application (ps | grep rild)
The radio will automatically respawn and now the bot proxy will be working
==============================================================

The original botnet code has been in the hacking community since 2011, but it is currently hard to find. A sanitised version is available, though.
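The installation steps above name the artefacts an examiner can look for on a recovered handset: the real modem channel /dev/smd0 moved aside to /dev/smd0real, a proxy answering on /dev/smd0 in its place, a static binary dropped into writable storage such as /data/, and the radio daemon rild respawned on top of the proxy. The script below is an added example (not part of the original post and not Weidman's PoC code) that checks a device's /dev listing and an open-file table for exactly those indicators. The input formats, the sample listing and the process name unknown_bin are constructed for the example; an examiner would build the same tables from `ls -l /dev/smd*`, /proc/<pid>/exe and /proc/<pid>/fd on the device or from an image of it.

```python
"""Triage of a recovered Android device for the radio-proxy indicators named in
the installation steps above. Added example: not part of the original post and
not Weidman's PoC code. The input formats are constructed for this example."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["indicator", "detail"])

# Names come from the installation steps: the PoC moves the real modem channel
# /dev/smd0 to /dev/smd0real and answers on /dev/smd0 itself.
MODEM_NODES = ("/dev/smd0", "/dev/smd0real")

# One long-format `ls -l` line: type/permission string, owner, group, then device
# numbers or size, date and time, the name, and "-> target" for a symlink.
LS_RE = re.compile(
    r"^(?P<type>[-cbpsld])[rwxstST-]{9}\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r".*?\s+(?P<name>\S+)(?:\s+->\s+(?P<target>\S+))?$"
)

# Constructed `ls -l /dev/smd*` output from a device where the proxy is in place.
DEV_LISTING = """
crw-rw---- radio    radio    250,   0 2015-04-04 10:00 smd0real
prw-rw---- radio    radio           0 2015-04-04 10:02 smd0
crw-rw---- radio    radio    250,   1 2015-04-04 10:00 smd1
"""

# Constructed open-file table, one "<pid> <comm> <exe> <path>" line per descriptor
# (the kind of table an examiner builds from /proc/<pid>/exe and /proc/<pid>/fd).
FD_TABLE = """
101 rild /system/bin/rild /dev/smd0
2044 unknown_bin /data/unknown_bin /dev/smd0real
2044 unknown_bin /data/unknown_bin /dev/smd0
"""


def parse_dev_listing(text):
    """Map each /dev entry name to (file type letter, owner, symlink target or None)."""
    entries = {}
    for line in text.strip().splitlines():
        m = LS_RE.match(line.strip())
        if m:
            entries[m["name"]] = (m["type"], m["owner"], m["target"])
    return entries


def parse_fd_table(text):
    """Return (pid, comm, exe, path) tuples from the constructed open-file table."""
    rows = []
    for line in text.strip().splitlines():
        pid, comm, exe, path = line.split(None, 3)
        rows.append((int(pid), comm, exe, path))
    return rows


def triage(dev_listing, fd_table):
    """Return the list of Findings; an untouched device yields an empty list."""
    findings = []
    devs = parse_dev_listing(dev_listing)

    # Indicator 1: the renamed real modem node is present.
    if "smd0real" in devs:
        findings.append(Finding("renamed-modem-node",
                                "/dev/smd0real exists: the real modem channel was moved aside"))

    # Indicator 2: /dev/smd0 is no longer a character device (a FIFO, socket or
    # symlink there means something is sitting between rild and the modem).
    smd0 = devs.get("smd0")
    if smd0 and smd0[0] != "c":
        kind = {"p": "FIFO", "s": "socket", "l": "symlink to %s" % smd0[2]}.get(smd0[0], smd0[0])
        findings.append(Finding("proxied-modem-node",
                                "/dev/smd0 is a %s, not a character device" % kind))

    # Indicator 3: a process other than the radio daemon holds a modem node open,
    # which is more suspicious still when its binary runs from writable storage.
    holders = {}
    for pid, comm, exe, path in parse_fd_table(fd_table):
        if path in MODEM_NODES and comm != "rild":
            holders.setdefault((pid, comm, exe), []).append(path)
    for (pid, comm, exe), paths in sorted(holders.items()):
        origin = " from writable storage" if exe.startswith("/data/") else ""
        findings.append(Finding("non-radio-holder",
                                "pid %d %s (%s%s) holds %s"
                                % (pid, comm, exe, origin, ", ".join(sorted(paths)))))
    return findings


if __name__ == "__main__":
    for f in triage(DEV_LISTING, FD_TABLE):
        print("%-20s %s" % (f.indicator, f.detail))
```

Run stand-alone, the script reports three findings for the constructed device (the renamed node, the FIFO standing in for /dev/smd0, and the /data/ binary holding both modem nodes) and nothing for a device where only rild holds a genuine character device at /dev/smd0. The point for the examiner is that any of these findings means SMS records recovered from the handset cannot be attributed to the user without further analysis.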


This proof-of-concept mobile botnet for generating SMS text messages still relies upon knowing the target's mobile number. The analysis thus focuses on the sending party (Master) knowing the recipient mobile number (Target) to hand to the donor (Slave). Alternatively, harvested mobile numbers returned from ICMP (or similar) pings via the internet could yield a high harvest of returned MSISDNs without the Target knowing his/her MSISDN has been acquired to send messages (SMS spam, etc.).

