April 19, 2011

 

Smartphone Botnets
by
Georgia Weidman
 

Abstract
As smartphones become increasingly ubiquitous and powerful, they become appealing targets for botnet infections. Many of the top selling smartphone platforms are built on common PC operating systems. This makes the transition from developing PC based malware to smartphone based malware nearly trivial. Smartphone malware and specifically botnets have been seen both in security research and in the wild. The GSM modem can be viewed as a public IP address without filtering or firewall capabilities. The presentation shows an example of a smartphone botnet that is controlled over the GSM function SMS. The presented system works at the base operating system below the application layer, resulting in transparency to the user. Details of the system are discussed with particular emphasis on cryptography and security concerns.

 

About the Speaker

Georgia received a M.S. from James Madison University in computer science emphasizing information security and secure software engineering in 2009 and a B.A. in Mathematics in 2006. While at JMU, she was captain for the cyber defense team, taking home 1st in the 2008 JMU cyber defense competition, 1st at the 2009 Mid-Atlantic CCDC qualifier, 2nd at the 2008 Mid-Atlantic CCDC regional, and 3rd at the 2009 Mid-Atlantic CCDC regional. She now serves as a red team member at competitions and thinks that its just as stressful as playing blue.

Since graduation Georgia has worked in vulnerability management for both the public and private sectors. She especially enjoys pentesting and forensics work when she can get it. Having a degree in software engineering, she enjoys coding small projects, in small groups, without methodology, and not in Java.

Georgia works at Reverse Space, a hackerspace in the DC area, as the Director of Cyberwarface. It was Cyberwarfare, but when she was interviewed on Hak5 they billed her as Director of Cyberwarface and she liked that more. There she manages the cyberwar center for CTF/cyber defense, malware analysis, exploit development, and whatever else members talk her into. She also teaches courses on hacking.

Georgia currently researches smartphone insecurity and mobile botnets. She was last seen speaking at Shmoocon 2011.

 

Please RSVP if you plan to attend.
Non-members are welcome without charge!  Light refreshments will be served.

Tuesday, April 19, 2011 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401

Click here for details