Stealthy video capturer: a new video-based spyware in 3G smartphones

In this paper, we investigate video-based vulnerabilities in 3G Smartphones. Particularly, we design a new video-based spyware, called Stealthy Video Capturer (SVC). SVC can secretly record video information for the third party, greatly compromising Smartphone users' privacy. We implement the spyware and conduct extensive experiments on real world 3G Smartphones. Our experimental results show that the spyware can capture private video information with unremarkable power consumption, CPU and memory occupancy, hence being stealthy to Smartphone users. Moreover, SVC can naturally be resistant to almost all commercial anti-virus tools, like McAfee, Kaspersky and F-Secure mobile version. To the best of our knowledge, our work is the first one to address video-based vulnerabilities in 3G Smartphones. We expect our work will prompt serious attentions on this issue.

[1]  Giovanni Vigna,et al.  Vulnerability Analysis of MMS User Agents , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[2]  Vinod Yegneswaran,et al.  BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation , 2007, USENIX Security Symposium.

[3]  Wenke Lee,et al.  McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[4]  Kang G. Shin,et al.  Behavioral detection of malware on mobile handsets , 2008, MobiSys '08.

[5]  Vinod Yegneswaran,et al.  Eureka: A Framework for Enabling Static Malware Analysis , 2008, ESORICS.

[6]  Tom Martin,et al.  Mobile phones as computing devices: the viruses are coming! , 2004, IEEE Pervasive Computing.

[7]  Thomas F. La Porta,et al.  Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks , 2006, IEEE/ACM Transactions on Networking.

[8]  Wenke Lee,et al.  PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[9]  Hao Chen,et al.  Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery , 2006, 2006 Securecomm and Workshops.

[10]  Kang G. Shin,et al.  Detecting energy-greedy anomalies and mobile malware variants , 2008, MobiSys '08.

[11]  Wenke Lee,et al.  Ether: malware analysis via hardware virtualization extensions , 2008, CCS.

[12]  Songwu Lu,et al.  SmartSiren: virus detection and alert for smartphones , 2007, MobiSys '07.

[13]  Mikko Hypponen,et al.  Malware goes mobile. , 2006, Scientific American.

[14]  Guobin Shen,et al.  MobiUS: enable together-viewing video experience across two mobile devices , 2007, MobiSys '07.

[15]  Geoffrey M. Voelker,et al.  Can you infect me now?: malware propagation in mobile phone networks , 2007, WORM '07.

[16]  M. Piercy Embedded devices next on the virus target list , 2004 .

[17]  Giovanni Vigna,et al.  Using Labeling to Prevent Cross-Service Attacks Against Smart Phones , 2006, DIMVA.

[18]  George Lawton Is It Finally Time to Worry about Mobile Malware? , 2008, Computer.