Assessing Push Notification Service as Command and Control Channel of Mobile Botnet
- Title
- Assessing Push Notification Service as Command and Control Channel of Mobile Botnet
- Authors
- 이하영
- Date Issued
- 2013
- Publisher
- 포항공과대학교
- Abstract
- A botnet is a collection of computers compromised by attackers. Nowadays, botnets are being increasingly used to advance political or financial interests. With the improvement in the computation power and communication speed of mobile devices, they have become targets of attackers who want to use them to create botnets.In this thesis, we explore a new type of mobile botnet that can be realized by utilizing the push notification service (PNS) of Android Cloud to Device Messaging or Google Cloud to Messaging in an Android platform as a command-and-control channel. We also suggest a way to detect this botnet and prevent it from spreading.By exploiting the security weaknesses of the PNSs that registration process is succinct and received messages can be hidden from mobile users, we design a mobile botnet (Punobot) and evaluate the feasibility of the push notification service-based mobile botnet in several aspects. We show that Punobot is stealthy, energy-efficient, consuming small bandwidth, hard to detect maliciousness using conventional detection methods, and dangerous. We recommend remedies that any PNS services should consider to strengthen the security weaknesses of its services.
- URI
- http://postech.dcollection.net/jsp/common/DcLoOrgPer.jsp?sItemId=000001557541
https://oasis.postech.ac.kr/handle/2014.oak/1792
- Article Type
- Thesis
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.