Hangouts’ SMS integration – applying the brakes on SMS stealers

December 31, 2013

Not long ago, Google updated the Hangouts Android app to handle incoming and outgoing SMS, providing SMS integration.

While it is seen as an additional usability feature, I could see that it also serves as an additional roadblock for Android malware (financial) and spyware that are interested in either intercepting or interrupting incoming SMS (recall AndroidOS/Zitmo, AndroidOS/Spitmo, etc.).

Typical workflow of a malicious SMS interceptor/interrupter used to defeat two-factor authentication (One Time Password)


As the schematic diagram above shows, Android malware running on the mobile device depends completely on its ability to intercept and interrupt the incoming SMS and forward it to the malicious third party. This is typically done by registering a broadcast receiver for incoming SMS and calling abortBroadcast() to ensure that the OTP is not delivered to the victim’s inbox.

This is where the recent update to Hangouts’ SMS integration proves handy. Hangouts registers an incoming SMS receiver with the highest possible priority and ensures that all incoming messages are tapped by it. This creates a significant roadblock to the typical operating principle of such malware, which needs the ability to tap incoming SMS.
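To make the priority race described above concrete, here is an added example (not from the original post) that audits decoded AndroidManifest.xml files for receivers competing for the SMS_RECEIVED broadcast and lists them in delivery order. The package names, the manifest template and the review threshold of 999 are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest template and package names, for illustration only.
TEMPLATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="{pkg}">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name="{rcv}">
      <intent-filter android:priority="{prio}">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLES = [
    TEMPLATE.format(pkg="com.example.messaging", rcv=".SmsReceiver", prio=999),
    TEMPLATE.format(pkg="com.example.flashlight", rcv=".Sync", prio=2147483647),
    TEMPLATE.format(pkg="com.example.notes", rcv=".Import", prio=0),
]

def sms_receivers(manifest_xml):
    """Return (package, receiver, priority) for every SMS_RECEIVED receiver."""
    root = ET.fromstring(manifest_xml)
    found = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(NS + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                prio = int(flt.get(NS + "priority", "0"))  # default priority is 0
                found.append((root.get("package"), rcv.get(NS + "name"), prio))
    return found

def delivery_order(manifests):
    """Order receivers as an ordered broadcast reaches them: highest priority first."""
    rows = [r for m in manifests for r in sms_receivers(m)]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def flag_for_review(manifests, trusted, threshold=999):
    """Flag high-priority SMS receivers outside the trusted set (threshold is assumed)."""
    return [r for r in delivery_order(manifests)
            if r[2] >= threshold and r[0] not in trusted]

if __name__ == "__main__":
    for pkg, rcv, prio in delivery_order(SAMPLES):
        print(f"{prio:>10}  {pkg}{rcv}")
    print("review:", flag_for_review(SAMPLES, trusted={"com.example.messaging"}))
```

A non-messaging package that asks for RECEIVE_SMS and sits at the top of this ordering is the one worth a closer look during app vetting.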

On a different note, the normal OTP (One Time Password) can be further enhanced and better placed in a multi-factor authentication scheme to bolster overall security. We will look at that more in subsequent posts.

Hope you have enjoyed reading this post. Let me know your thoughts!