Punobot: Mobile Botnet Using Push Notification Service in Android

摘要

A botnet is a collection of computers compromised by attackers, which is being increasingly used to advance political or financial interests. Recently, mobile botnets that rely on compromised mobile devices are emerging due to their improvements in computation power and communication capability. To cope with mobile botnets, we need to anticipate and prevent their command and control (C&C) channels. In this paper, we explore a new C&C channel for mobile botnets that is based on the push notification service (PNS) of Android: Google Cloud Messaging for Android (GCM). We find that (1) the registration process of the GCM only checks the validity of Gmail address and (2) applications can hide received push messages from users. By exploiting these two vulnerabilities, we evaluate the feasibility of the push notification service-based mobile botnet (Punobot) in several aspects. We show that Punobot is stealthy, energy-efficient, and dangerous. We also recommend remedies that any PNSs should consider to eliminate their security weaknesses.