Abstract
Smartphone security has become increasingly more significant as smartphones become a more important part of many individuals' daily lives. Smartphones undergo all computer security issues; however, they also introduce a new set of security issues as various capabilities are added. Smartphone security researchers pay more attention to security issues inherited from the traditional computer security field than smartphone-related security issues. The primary network that smartphones are connected to is the cellular network, but little effort has been directed at investigating the potential security issues that could threaten this network and its end users.
A new possible threat that could occur in the cellular network is introduced in this paper. This research proves the ability to use the cellular network voice channel as a covert channel that can convey covert information as speech, thus breaking the network policies. The study involves designing and implementing multiple subsystems in order to prove the theory. First, a software audio modem that is able to convert digital data into audio waves and inject the audio waves to the GSM voice channel was developed. Moreover, a user-mode rootkit was implemented in order to open the voice channels by stealthily answering the incoming voice call, thus breaking the security mechanisms of the smartphone.
Multiple scenarios also were tested in order to verify the effectiveness of the proposed covert channel. The first scenario is a covert communication between two parties that intends to hide their communications by using a network that is unknown to the adversary and not protected by network security guards. The two parties communicate through the cellular network voice channel to send and receive text messages. The second scenario is a side channel that is able to leak data such as SMS or the contact of a hacked smartphone through the cellular network voice channel. The third scenario is a botnet system that uses the voice channel as command and control channel (C2). This study identifies a new potential smartphone covert channel, so the outcome should be setting countermeasures against this kind of breach.
Library of Congress Subject Headings
Internet telephony--Security measures; Smartphones--Security measures
Publication Date
1-1-2014
Document Type
Thesis
Student Type
Graduate
Degree Name
Networking and System Administration (MS)
Department, Program, or Center
Computer Science (GCCIS)
Advisor
Daryl Johnson
Advisor/Committee Member
Bill Stackpole
Advisor/Committee Member
Sumita Mishra
Recommended Citation
Aloraini, Bushra Sulaiman, "A New Covert Channel Over Cellular Network Voice Channel" (2014). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/8366
Campus
RIT – Main Campus
Plan Codes
NETSYS-MS
Comments
Physical copy available from RIT's Wallace Library at TK5105.8865 .A56 2014