Jump to content
M2G

POC Android botnet - Command and Control Channel over SMS

Recommended Posts

20iigq0.png

To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network.

Download the POC code from Here.

Compiling instructions are simple and straight forward. Please follow these:

Compile with arm-gcc with the -static flag set

Copy to anywhere on the underlying OS that is writable (/data/ is good).

Rename /dev/smd0/ to /dev/smd0real/

Start the bot application

Kill the radio application (ps | grep rild)

The radio will automatically respawn and now the bot proxy will be working

The PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the iPhone platform! For sanity purposes, the PoC code has payloads aka commands removed.

PDF: http://www.grmn00bs.com/GeorgiaW_Smartphone_Bots_SLIDES_Shmoocon2011.pdf

POC Code: http://www.grmn00bs.com/botPoCrelease-android.c

Sursa: POC Android botnet - Command and Control Channel over SMS | The Hacker News (THN) Security Blog

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...