Covert channel based eavesdropping malware analysis and detection for android systems

Yu Chun Lu, Je Guang Sung, Chu-Sing Yang, Ya Yin Yang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Semiconductor engineering is now highly developed, and mobile computing devices and smartphones are increasingly popular; they are equipped not only with high-speed CPUs and enormous storage capacity but also with various built-in auxiliary processors and sensors. This advanced hardware and technology brings great convenience; however, users face a growing threat to their personal privacy due to various information security issues. This is especially true for the non-official APP markets, which might provide malicious cybercriminals with a breeding ground from which to spread malware and viruses targeting Android mobile devices. Because of their growing popularity, mobile phones and smartphones, as tools for voice communication and information passing, may be endangered by these threats once eavesdropping malware that targets smart mobile devices starts to spread. Regardless of whether users pass information via a telephone network, a Voice over Internet Protocol communication system, or simple text messages and email, malware will inevitably crop up, with negative consequences that smartphone users must face because of the great threat to their personal privacy and information security. The very existence of covert channels on Android systems provides a pathway for stealthy data transfer between different Android APPs. Malicious Android APPs can use system resources such as screen brightness, volume and external storage to launch covert channel communication. If no appropriate countermeasure is deployed, Android malware will use this approach to lower the Android Permissions required to block each malware's entry, secretly transmitting and receiving private data and jeopardizing smartphone users' privacy and information security. Therefore, we have to pay attention to these kinds of threats.
In this paper, we analyze various scenarios and examine the possibility of Android smartphones being eavesdropped upon by malicious APPs. For experiment and analysis in support of our anti-eavesdropping framework design, we implemented a test malware which integrates VoIP technology and an Android covert channel. In our conclusion, we propose a malware eavesdropping countermeasure solution composed of a Covert Channel Detection Module and an Eavesdropping Behavior Analysis Module. Based on this solution, we implement an Android APP and prove that our APP can execute malicious eavesdropping behavior analysis using limited Android Permissions and mobile computing resources.

Original language: English
Title of host publication: 12th European Conference on Information Warfare and Security 2013, ECIW 2013
Pages: 304-312
Number of pages: 9
Publication status: Published - 2013 Dec 1
Event: 12th European Conference on Information Warfare and Security 2013, ECIW 2013 - Jyvaskyla, Finland
Duration: 2013 Jul 11 to 2013 Jul 12

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610

Other

Other: 12th European Conference on Information Warfare and Security 2013, ECIW 2013
Country: Finland
City: Jyvaskyla
Period: 13-07-11 to 13-07-12

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
