Assessing Push Notification Service as Command and Control Channel of Mobile Botnet

Abstract

A botnet is a collection of computers compromised by attackers. Nowadays, botnets are being increasingly used to advance political or financial interests. With the improvement in the computation power and communication speed of mobile devices, they have become targets of attackers who want to use them to create botnets.In this thesis, we explore a new type of mobile botnet that can be realized by utilizing the push notification service (PNS) of Android Cloud to Device Messaging or Google Cloud to Messaging in an Android platform as a command-and-control channel. We also suggest a way to detect this botnet and prevent it from spreading.By exploiting the security weaknesses of the PNSs that registration process is succinct and received messages can be hidden from mobile users, we design a mobile botnet (Punobot) and evaluate the feasibility of the push notification service-based mobile botnet in several aspects. We show that Punobot is stealthy, energy-efficient, consuming small bandwidth, hard to detect maliciousness using conventional detection methods, and dangerous. We recommend remedies that any PNS services should consider to strengthen the security weaknesses of its services.