This paper presents a system for proving the existence of malware on mobile phones that are exhibits in a criminal investigation. The system masquerades as a legitimate GSM/GPRS network and is thus able to intercept and process all traffic sent from and received by the mobile. Eavesdropping on the complete traffic is important, as mobile malware applications use IP as well as SMS messages for communication. Some malware apps even check the type of IP connectivity and require both GPRS and GSM to be present in order to work correctly. The proposed system intercepts the traffic in a simulated GSM/GPRS environment and additionally provides a connection to the real or a simulated Internet. After the traffic has been recorded, it is post-processed using various filter options and presented in the form of an HTML report for further analysis.
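The post-processing stage described above (filtering the recorded SMS and IP events and emitting an HTML report) can be illustrated with a small Python script. This is an added example and not the paper's own code; the tab-separated capture format, the field names and the sample events are assumptions constructed for the illustration. It also shows one point the abstract does not spell out: because the report renders attacker-controlled payloads (SMS bodies, HTTP request lines), every captured field has to be HTML-escaped, or the evidence viewer itself becomes a target.

```python
"""Post-processing of traffic recorded in a simulated GSM/GPRS environment.

Added example, not the paper's code. Records are one event per line with
tab-separated fields: timestamp, channel (sms|ip), source, destination,
payload. This format and the sample data below are constructed assumptions.
"""
from dataclasses import dataclass
from html import escape
from typing import List, Optional

# Constructed sample capture (documentation addresses/numbers, no real IoCs).
CAPTURE = (
    "2012-05-01T10:00:01\tsms\t+491701234567\t4636\tREG 7788\n"
    "2012-05-01T10:00:03\tip\t10.0.0.5:40211\t203.0.113.7:80\tGET /c.php?id=7788\n"
    "2012-05-01T10:00:09\tip\t10.0.0.5:40212\t198.51.100.9:443\tTLS ClientHello\n"
    "2012-05-01T10:01:00\tsms\t+491709999999\t+491701234567\t<b>Free</b> credit!\n"
)


@dataclass
class Event:
    ts: str
    channel: str  # "sms" or "ip"
    src: str
    dst: str
    payload: str


def parse_capture(text: str) -> List[Event]:
    """Parse the recorded capture; reject malformed lines instead of guessing."""
    events: List[Event] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t", 4)
        if len(parts) != 5 or parts[1] not in ("sms", "ip"):
            raise ValueError(f"malformed capture line {lineno}: {line!r}")
        events.append(Event(*parts))
    return events


def filter_events(events: List[Event], channel: Optional[str] = None,
                  dst_contains: Optional[str] = None,
                  payload_contains: Optional[str] = None) -> List[Event]:
    """Apply the analyst's filter options; all given criteria must match."""
    out = []
    for e in events:
        if channel is not None and e.channel != channel:
            continue
        if dst_contains is not None and dst_contains not in e.dst:
            continue
        if payload_contains is not None and payload_contains not in e.payload:
            continue
        out.append(e)
    return out


def uses_both_channels(events: List[Event]) -> bool:
    """True when the recorded behaviour spans SMS and IP, which is why the
    interception has to cover GSM and GPRS rather than one of them."""
    return {"sms", "ip"} <= {e.channel for e in events}


def render_html(events: List[Event], title: str = "Intercepted traffic") -> str:
    """Render the report. Every captured field is escaped: payloads come from
    the suspect device and may contain markup or script."""
    head = "<tr><th>time</th><th>channel</th><th>src</th><th>dst</th><th>payload</th></tr>"
    rows = "".join(
        "<tr>" + "".join(f"<td>{escape(v)}</td>"
                         for v in (e.ts, e.channel, e.src, e.dst, e.payload)) + "</tr>"
        for e in events
    )
    return (
        '<!DOCTYPE html><html><head><meta charset="utf-8">'
        f"<title>{escape(title)}</title></head><body>"
        f"<h1>{escape(title)}</h1><table>{head}{rows}</table></body></html>"
    )


if __name__ == "__main__":
    evs = parse_capture(CAPTURE)
    print("both channels used:", uses_both_channels(evs))
    print(render_html(filter_events(evs, payload_contains="7788"), "Events tagged 7788"))
```

The `payload_contains` filter in the usage call correlates the SMS registration with the later HTTP request that carries the same identifier, which is the kind of cross-channel link the report is meant to surface.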