Abstract: We explore the threat of smartphone malware with access to on-board sensors, which opens new avenues for illicit collection of private information. While existing work shows that such “sensory malware” can convey raw sensor data (e.g., video and audio) to a remote server, these approaches lack stealthiness, incur significant communication and computation overhead during data transmission and processing, and can easily be defeated by existing protections like denying installation of applications with access to both sensitive sensors and the network. We present Soundminer, a Trojan with few and innocuous permissions, that can extract a small amount of targeted private information from the audio sensor of the phone. Using targeted profiles for context-aware analysis, Soundminer intelligently “pulls out” sensitive data such as credit card and PIN numbers from both tone- and speech-based interaction with phone menu systems. Soundminer performs efficient, stealthy local extraction, thereby greatly reducing the communication cost for delivering stolen data. Soundminer automatically infers the destination phone number by analyzing audio, circumvents known security defenses, and conveys information remotely without direct network access. We also design and implement a defensive architecture that foils Soundminer, identify new covert channels specific to smartphones, and provide a video demonstration of Soundminer.
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.