Soundminer Android malware listens, then steals, phone data

Researchers have developed a sneaky piece of code that listens while a person dials in data

Researchers have developed a low-profile Trojan horse program for Google's Android mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus software.

The malware, called Soundminer, monitors phone calls and records when a person, for example, says their credit card number or enters one on the phone's keypad, according to the study.

Using various analysis techniques, Soundminer trims the extraneous recorded information down to the most essential, such as the credit card number itself, and sends just that small bit of information back to the attacker over the network, the researchers said.

The study was done by Roman Schlegel of City University of Hong Kong and Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang of Indiana University in Bloomington, Indiana.

"We implemented Soundminer on an Android phone and evaluated our technique using realistic phone conversation data," they wrote. "Our study shows that an individual's credit card number can be reliably identified and stealthily disclosed. Therefore, the threat of such an attack is real."

Soundminer is designed to ask for as few permissions as possible to avoid suspicion. For example, Soundminer may be allowed access to the phone's microphone, but further access to transmit data, intercept outgoing phone calls and access contact lists might look suspicious.

So in another version of the attack, the researchers paired Soundminer with a separate Trojan, called Deliverer, which is responsible for sending the information collected by Soundminer.

Since Android could prevent that communication between applications, the researchers investigated a stealthy way for Soundminer to communicate with Deliverer. They found what they term are several "covert channels," where changes in a feature are communicated with other interested applications, such as vibration settings.

Soundminer could code its sensitive data in a form that looks like a vibration setting but is actually the sensitive data, where Deliverer could decode it and then send it to a remote server. That covert vibration settings channel only has 87 bits of bandwidth, but that is enough to send a credit card number, which is just 54 bits, they wrote.

Soundminer was coded to do the voice and number recognition on the phone itself, which avoids the need to send large chunks of data through the network for analysis, which might again trigger an alert from security software.

If it is installed on a device, users are likely to approve of the settings that Soundminer is allowed to use, such as the phone's microphone. Since Soundminer doesn't directly need network access due to its use of a covert side channel to send its information, it is unlikely to raise suspicion.

Two antivirus programs for Android, VirusGuard from SMobile Systems and Droid Security's AntiVirus, both failed to identify Soundminer as malware even when it was recording and uploading data, according to the researchers.

In an e-mail statement, Google officials in London did not directly address Soundminer but said that Android is designed to minimize the impact of "poorly programmed or malicious applications if they appear on a device."

"If users believe an application is harmful or inappropriate, they can flag it, give it a low rating, leave a detailed comment, and of course, remove it from their device," Google said. "Applications deemed to be in violation of our policies are removed from Market, and abusive developers can also be blocked from using the Android Market for repeated or egregious violations of our policies."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags fraudmobilemalwaremobile securityGooglesoftwaredata protectionapplicationstelecommunicationMobile operating systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?