Today I want to warn you about a very common type of malware: Botnet. I will briefly explain how it works and how to avoid to be infected.
Introduction
In the last years the spread of Android phones is increased significantly and with it the malicious user that want a monetary benefits or have political interests. Also the increase of computational power of the devices has contributed to this phenomenon.
What is a Botnet
A botnet is a network of infected device that are called bot in which the botmaster can send arbitrary command to be executed. The main differences between various botnets are the protocol used to send command from the botmaster to the bots.
How a botnet can control its bots
In this section I'll show you all the type of control mechanism used by the botnets to control their infected devices.
SMS Protocol
The SMS protocol exploit the old and stable SMS system to exchange information between botmaster and botnets. In a SMS is codified a command that can be a plaintext or a ciphertext.
HTTP Protocol
The HTTP protocol can be used in two ways:
- Classical: a server expose some APIs that the bot and botmaster calls to exchange information.
- Encoded: a server can expose a file in a general website where the command is encoded.
GCM Protocol
The GCM protocol exploit the flexible and efficient Google Cloud Messaging to exploit the Android Notification System in order to send command completely silent from the perspective of the user.
How android try to fight back this problem
In Android there is a permission based model that protect the sensitive information of the device, such as telephony, GPS, network, write and read file, access to the sms system etc.
Source
Permissions
When an application want to access to one of the sensitive information of the device the Android System mediate and control if the application has the permission to access to that resources [1].
The permission are encoded in a specific file called Manifest. At the time that user download the application, the system ask to the user to accept the permission of that application. If the user does not accept he cannot install the app.
In this way the decision to allow o not a resources to an application is demanded to the user.
App Sandboxing
The Android kernel is a variant of the Linux kernel and from it inherit the Linux Discretionary Access Control (DAC). At every app process is assigned a UID (unique id) and is placed in an isolated sandbox. The sandbox does not allow to the other app to access at the information of the app.[2]
If an app have a permission to one of the sensitive information of the precedent paragraph, at the app is assigned the GID (group id) of the specific information allowed to access.
Every app Android is signed with a specific key that identify a developer and his reputation. If two app have the same key, they have the same UID. In this way the app of the same developer can exchange the data.
To run the application a Google’s cloud infrastructure is used and the application is simulated to see how it will run on an Android device.
Secure Google Play Store
The app installed from the Google Play Store are analyzed by Bouncer [3]. This system is not perfect but it is a good filter for the malicious app [4]. It analyze all the application uploaded to the Google Play Store. It search for a known malicious behavior and analyze the application in order to found a similarity with a well-known malware, spyware or Trojans.
Secure Third Party Markets
If the device is connected to internet and install an app from third party markets there is a mechanism to find a malicious behavior exploiting. In this case the Android system send to the server the signature of the app and determine if it is safe or not. [5]
Conclusion
My advise is DO NOT INSTALL an application outside the official Play Store. The platform offers you some simple, free and powerful tools to avoid that the smartphone will be infected and used in a botnet. That doesn't means that, if you install applications only from Play Store you are 100% safe but, if you install applications outside the Play Store you are almost certain that you will be infected.
[1] W. Enck, M. Ongtang, and P. Mc-Daniel "Understanding android security". IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb. 2009. [Online]. Available: http://dx.doi.org/10.1109/MSP.2009.26.
[2] "Android Security Overview". (Online; Last Accessed Nov. 15, 2015). [Online]. Available: https://source.android.com/security/.
[3] Google Bouncer "A Look at Google Bouncer". (Online; Last accessed Nov. 15, 2015). [Online]. Available: http://blog.trendmicro.com/trendlabssecurity-intelligence/a-look-at-googlebouncer/.
[4] J. Oberhide "Dissecting the Android Bouncer". (Online; Last Accessed Nov. 15, 2015). [Online]. Available: http://jon.oberheide.org/blog/2012/06/21/dissectingthe-android-bouncer/.
[5] Florence Ion "Are third-party security apps still necessary with Android 4.2?". (Online; Last Accessed Nov. 15, 2015). [Online]. Available: http://arstechnica.com/gadgets/2012/11/arethird-party-security-apps-still-necessarywith-android-4-2/.
Wow I had no idea that this could happen. Thank you for the warning.
Congratulations @lino! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honnor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPBy upvoting this notification, you can help all Steemit users. Learn how here!
This post received a 1.5% upvote from @randowhale thanks to @lino! For more information, click here!