Abstract
Advanced mobile devices such as laptops and smartphones make convenient hiding places for surveillance spyware. They commonly have a microphone and camera built-in, are increasingly network accessible, frequently within close proximity of their users, and almost always lack mechanisms designed to prevent unauthorized microphone or camera access.
In order to explore surveillance intrusion and detection methods, we present a modernized microphone hijacker for Windows and Mac OS X. The attack can be launched from anywhere on the Internet as soon as the target comes online, and it requires no interaction from the victim. As the attacker compromises additional machines, they are organized into a botnet so that the attacker can maintain stealthy control of the systems and launch later surveillance attacks.
We then present a mechanism to detect the threat on Windows, as well as a novel method to deceive an attacker in order to permit traceback. The detection mechanism fills a gap in operating-system resource control, namely the absence of any control over which processes may use the microphone, a gap that matters more as exploitable devices become more pervasive.
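The paper's detector is not reproduced on this page. As an added, independent check (not the authors' code, and not the 2009 technique), the following PowerShell script lists which programs Windows has recorded using the microphone and flags any with a session still open. It assumes Windows 10 version 1803 or later, where the capability-access tracking keys under `HKCU:\...\CapabilityAccessManager\ConsentStore\microphone` exist; the key and value names used here are the documented ones on those builds.

```powershell
# Added example: enumerate microphone use recorded by Windows' capability-access
# tracking and flag programs with an open microphone session.
# Assumption: Windows 10 1803+ (the ConsentStore keys are absent on older builds).
# This is not the paper's detector; it is an independent, registry-based check.

$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone'

function Convert-FileTime([Int64]$ft) {
    # Values are FILETIME (100 ns ticks since 1601 UTC); 0 means "not recorded".
    if ($ft -eq 0) { return $null }
    [DateTime]::FromFileTimeUtc($ft)
}

function Get-MicrophoneUsers {
    if (-not (Test-Path $base)) { return @() }

    # Packaged (Store) apps are direct subkeys; classic Win32 programs live under
    # NonPackaged, keyed by their executable path with '\' replaced by '#'.
    $keys = @(Get-ChildItem $base | Where-Object { $_.PSChildName -ne 'NonPackaged' })
    $np = Join-Path $base 'NonPackaged'
    if (Test-Path $np) { $keys += Get-ChildItem $np }

    foreach ($k in $keys) {
        $p = Get-ItemProperty $k.PSPath
        if ($null -eq $p.LastUsedTimeStart) { continue }
        $start = Convert-FileTime ([Int64]$p.LastUsedTimeStart)
        $stop  = Convert-FileTime ([Int64]$p.LastUsedTimeStop)
        [PSCustomObject]@{
            Program   = ($k.PSChildName -replace '#', '\')
            LastStart = $start
            LastStop  = $stop
            # A start time with no matching stop time means the microphone is open now.
            InUseNow  = (($null -ne $start) -and ($null -eq $stop))
        }
    }
}

Get-MicrophoneUsers | Sort-Object LastStart -Descending | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind: the tracking only covers access that goes through the Windows audio stack, so a driver-level or kernel-resident implant does not appear here, and the keys live in the user's own hive, so an attacker with the user's privileges can edit or delete them. Treat an `InUseNow` entry for a program that should not be recording as a lead to investigate, not as proof, and treat an empty list as no evidence rather than as a clean bill of health.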
Copyright information
© 2009 IFIP International Federation for Information Processing
Cite this paper
Farley, R., Wang, X. (2009). Roving Bugnet: Distributed Surveillance Threat and Mitigation. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_4
DOI: https://doi.org/10.1007/978-3-642-01244-0_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0