Presentation Material
Presentation
Video
Abstract
Smartphones are a hot new market for software developers. Millions of potential customers, and a large percentage willing to part with a small sum of money for your latest creation. Even a moderately successful app can help fill your pockets. It’s hard to ignore for legitimate developers. It’s even harder to ignore for criminals.
Things have changed from the old days of malware creation. It’s no longer just about proving yourself or testing a new platform by writing proof-of-concepts(PoCs), porting old malware, and learning the idiosyncrasies of the development tools. Now it’s about evading detection and taking a profit. Where there’s money, crime usually follows.
The presentation is not about attribution, naming names or pointing out the parties responsible. It’s about the underlying technology and the methods used, including:
- how actual examples in the wild function
- detection/analysis evasion techniques
- geographical trends in profit-taking malware
AI Generated Summary (may contain errors)
Here is a summary of the content:
The speaker discusses two Android app concepts that demonstrate potential security threats. The first concept, for SoundC, involves an app that intercepts audio recordings of users interacting with IVR systems (e.g., credit card companies) and extracts sensitive information such as credit card numbers. The app uses microphone permissions to record audio and fingerprint the IVR system, allowing it to extract digits from user input.
The second concept involves an Android app that fingerprints lock screen patterns by detecting vibrations on the phone when users type in their passwords or PINs. This allows the app to identify which numbers are being typed in without requiring extensive permissions.
The speaker notes that these concepts were developed in academia and demonstrate the potential for malicious actors to exploit vulnerabilities in mobile devices. They also mention a recent incident involving hacked iTunes accounts, where stored account balances were accessed, but emphasize that there is no evidence linking this incident to mobile devices.
Overall, the content highlights the importance of security measures on mobile devices and the need for users to be aware of potential threats to their sensitive information.