M2G Posted April 3, 2012 Report Posted April 3, 2012 To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network.Download the POC code from Here.Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be workingThe PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the iPhone platform! For sanity purposes, the PoC code has payloads aka commands removed.PDF: http://www.grmn00bs.com/GeorgiaW_Smartphone_Bots_SLIDES_Shmoocon2011.pdfPOC Code: http://www.grmn00bs.com/botPoCrelease-android.cSursa: POC Android botnet - Command and Control Channel over SMS | The Hacker News (THN) Security Blog Quote
SPEEDE Posted April 4, 2012 Report Posted April 4, 2012 (edited) daca stie cineva o metoda de securizare a acestei metode sau stiti sa securizati alte vulnerabilitati pe Android/Ios (contra cost) sa imi dea un PM Edited April 4, 2012 by SPEEDE Quote