The undoubted success of very powerful and pervasively IP enabled cellular phones raises the obvious question whether the cellular world will also enter a severe security crisis like the PC itself. Moreover, this serious question is amplified through the use of new Open and even Web-OS oriented phone platforms. Considering the most dangerous security threat which might be given in the form of cellular botnets, a very recent paper measured already the potential impact of such a hypothetical botnet. While this theoretical work of Traynor et al pointed out some intrinsic challenges of a cellular botnet, they emphasized the significant threats of such botnets for the core network. Unfortunately, this paper shows that this new attack vector is quite real. Indeed, we describe a cellular botnet and our solutions to the cellular challenges. In addition to that we also sketch and evaluate our real implementation on the world’s most popular smart phone the iPhone. Our devastating results, clearly ring an alarm for urgent cellular phone protection mechanisms.
[1]
Alfred Menezes,et al.
The Elliptic Curve Digital Signature Algorithm (ECDSA)
,
2001,
International Journal of Information Security.
[2]
David Mazières,et al.
Kademlia: A Peer-to-Peer Information System Based on the XOR Metric
,
2002,
IPTPS.
[3]
Brent Byunghoon Kang,et al.
Peer-to-Peer Botnets: Overview and Case Study
,
2007,
HotBots.
[4]
T. Holz,et al.
Towards Next-Generation Botnets
,
2008,
2008 European Conference on Computer Network Defense.
[5]
Thomas F. La Porta,et al.
On cellular botnets: measuring the impact of malicious devices on a cellular network core
,
2009,
CCS.
[6]
Vinod Yegneswaran,et al.
An Analysis of the iKee.B iPhone Botnet
,
2010,
MobiSec.
[7]
Wenke Lee,et al.
Evaluating Bluetooth as a Medium for Botnet Command and Control
,
2010,
DIMVA.