Covert Channel Based Eavesdropping Malware Analysis and Detection for Android Systems

摘要

Nowadays we have highly developed semiconductor engineering and can see the increasingly popular use of mobile computing devices and smartphones which are not only equipped with high speed CPUs and enormous storage capabilities but also have various built-in auxiliary processors and sensors. This advanced hardware and technology brings great convenience, however users are faced with a growing threat to their personal privacy due to various information security issues. This is especially true for the non-official APP markets which might provide malicious cybercriminals with a breeding ground from which to spread their malware and viruses targeting Android mobile devices. Due to their growing popularity, mobile phones and smartphones and tools for voice communication and information-passing may be endangered by the threats mentioned above once there is malicious eavesdropping malware which targets these smart mobile devices and they start to spread themselves. Regardless of whether users are passing information via a telephone network, their voices over Internet Protocol communication system, or simple text messages and email, malware will inevitably crop up, causing negative consequences which smartphone users must face due to the-great threat to their personal privacy and information security. The very existence of Covert Channels on Android systems provides a pathway for stealthy data transfer between different Android APPs. Malicious Android APPs can utilize system resources such as screen brightness, volume and external storage to launch a covert channel communication. If no appropriate countermeasure is deployed, malicious Android Malware will use this approach to lower Android Permissions required to block each malware's entry, secretly transmitting/receiving private data, and jeopardizing smartphone users' privacy and information security. Therefore, we have to pay attention to these kinds of threats. In this paper, we analyze various scenarios and examine the possibility of android smartphones being eavesdropped upon by malicious APPs. For the purpose of experiment and analysis for our anti-eavesdropping framework design, we implemented a test malware which integrates VoIP technology and an Android covert channel. In our conclusion, we propose a malware eavesdropping countermeasure solution composed of a Covert Channel Detection Module and an Eavesdropping Behavior Analysis Module. Based on this solution, we implement an Android APP and prove that our APP can execute malicious eavesdropping behavior analysis using limited Android Permissions and mobile computing resources.