hoodlum
MuscleHead
- Jan 3, 2012
- 903
- 172
Soundcomber, its luckily a proof of concept by researchers out of Hong Kong back in 2011 but nothing stops this exact same concept being delivered through malware with evil intents and since mobile malware is only becoming more common you can expect a malicious version of this to be floating around somewhere in cyber space today.
The easiest way to describe Soundcomber is to just say, it steals your credit card details. Keep in mind, it wasn't built to be fully featured mass-devistating malware but just as a proof of concept to show that this type of attack is possible which is certainly is. The video below may seem to go slow but gives a clear and concise play-by-play of how the program works, if you can spare 5 minutes watch the whole thing otherwise its main importance is from 1:14 - 2:57 where it will show you the program in action against a real credit card company.
It analyses your phone calls for both speech and tone. If you speak your credit card number or enter it on the screen keypad it shall transmit that to the malware owner and they can see it easily.
This is presented in quiet a basic way but hopefully you can understand what things can be built upon this concept and how it can be a danger. It's also important to note that although credit card numbers are the only thing being captured in this example, there is absolutely no reason this same concept can't be used to capture and analyze any types of speech data.
Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones
Date Published: 02/2011
http://d2i.indiana.edu/pubs/soundcomber-stealthy-and-context-aware-sound-trojan-smartphones
Direct Link: http://www.isoc.org/isoc/conferences/ndss/11/pdf/1_1.pdf
The easiest way to describe Soundcomber is to just say, it steals your credit card details. Keep in mind, it wasn't built to be fully featured mass-devistating malware but just as a proof of concept to show that this type of attack is possible which is certainly is. The video below may seem to go slow but gives a clear and concise play-by-play of how the program works, if you can spare 5 minutes watch the whole thing otherwise its main importance is from 1:14 - 2:57 where it will show you the program in action against a real credit card company.
It analyses your phone calls for both speech and tone. If you speak your credit card number or enter it on the screen keypad it shall transmit that to the malware owner and they can see it easily.
This is presented in quiet a basic way but hopefully you can understand what things can be built upon this concept and how it can be a danger. It's also important to note that although credit card numbers are the only thing being captured in this example, there is absolutely no reason this same concept can't be used to capture and analyze any types of speech data.
Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones
Date Published: 02/2011
http://d2i.indiana.edu/pubs/soundcomber-stealthy-and-context-aware-sound-trojan-smartphones
Direct Link: http://www.isoc.org/isoc/conferences/ndss/11/pdf/1_1.pdf
Last edited by a moderator: