Transcript Exploiting FM Radio Broadcasts for Malware Deployment

FM 99.9, Radio Virus: Exploiting FM Radio
Broadcasts for Malware Deployment
E. Fernandes, B. Crispo, M. Conti
IEEE Transactions on Information Forensics and Security 8(6):
1027-1037 (2013)
Take Home Message

New attack vector with interesting features ...for attackers

Learning and exploiting security weakness of Android security
model and its implementation

Inadequateness of existing mobile AV solutions
FM Radio
FM Radio Data System (RDS)
Baseband coding
1,187.5 bits per second on a 57 kHz subcarrier
Our FM Radio Attack

New attack vector: FM RDS broadcast channel

Exploiting vulnerability of Android and FM Radio API

Cross-device: Smartphone, Car Radio, USB token

Cost <500$
Antenna
RDS Encoder
Transmitter Circuit
Receiver Antenna
Audio Signal
RS232 Control
Attack
Actual AVs do not help
Antivirus
Category
Exploit
Configuration
Detected?
Norton Mobile
Security Lite
Free
GingerBreak
Anti-Malware defense activated, Daily
scan,
SD Card scan
No
Lookout Security
Free
GingerBreak
Daily scan, “security" activated,
complete scan when malware was
installed
No
AVG Antivirus
Pro
Paid
GingerBreak
Full scan mode
No
Kaspersky
Mobile Security
Paid
GingerBreak
Full scan with malware existing in binary
form in app directory, also Memory Scan
while malware in main memory, with
exploit in binary form in app directory
No
AVG Security Pro
Paid
GingerBreak
Full scan mode
No
Unique Features

Zero-fingerpring Attack


Broadcast
Geographic Attack

Can target a specific physical perimeter
Old Lessons Confirmed

One-fits-All paradygm is very bad for security


But good for interoperabiliy, time-to-market, ROI
Shortcuts to bypass the security model can only create problems

Difficult for a model to accomodate: openess, evolution and
adaptation