Ecole d'ingénieur et centre de recherche en Sciences du numérique

Dissecting SMS malwares in Android

Babu, Anoop Joseph; Raveendranath, Rahul; Rajamani, Venkiteswaran; Datta, Soumya Kanti

IC3I 2014, IEEE International Conference on Contemporary Computing and Informatics, November 27-29, 2014, Mysore, India

Android is the most widely used operating system which spans variety of smartphones, tablets and wearable devices. Since it is open source, developers can take full advantage of the extensive number of APIs in the framework. But the popularity and openness of the android made it a favorite target of malware authors. This paper focuses on the impact of some design decisions in framework which contributes in making Android applications vulnerable. A proof of concept SMS malware is presented to analyze the working of most threatening SMS malwares in the wild. This malware sends service messages to telecom operators and incurs charges or transfer of funds. It uses the vulnerability in ordered broadcast intent system to remains stealthy by intercepting and aborting possible notifications from telecom operators. Countermeasures to mitigate this security leaks are also discussed.

Document Doi Bibtex

Titre:Dissecting SMS malwares in Android
Mots Clés:Android; Security threats; Countermeasures; SMS Malware; Permissions.
Type:Invited paper in a conference
Département:Systèmes de Communication
Eurecom ref:4459
Copyright: © 2014 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+4459, doi = {}, year = {2014}, title = {{D}issecting {SMS} malwares in {A}ndroid}, author = {{B}abu, {A}noop {J}oseph and {R}aveendranath, {R}ahul and {R}ajamani, {V}enkiteswaran and {D}atta, {S}oumya {K}anti }, booktitle = {{IC}3{I} 2014, {IEEE} {I}nternational {C}onference on {C}ontemporary {C}omputing and {I}nformatics, {N}ovember 27-29, 2014, {M}ysore, {I}ndia}, address = {{M}ysore, {INDE}}, month = {11}, url = {} }
Voir aussi: