Posts Tagged ‘Dinesh Venkatesan’

An analyst perspective of the latest defense against the SMS Trojans in Android 4.2

November 18, 2012

I have updated this blog with the insights gained after walking through the source code of how this feature has been implemented.

The latest version of Google’s Android comes with many flashy features. Among them, the feature that drew immediate attention is “alert on SMS to premium numbers”.

This is a very impressive move by the Big-G. Let us first see how this new feature can be a very good second line of defense against typical SMS Trojans.

The bottom line of this new feature is simple. Even though an application has sought permission from the user to send SMS during its installation, if it tries to send an SMS to a premium number (a short code), the user is prompted with an alert saying that the application is trying to send an SMS to a premium number and asking whether the user would like to allow it.

See this behavior in action in Fig. 1.

Fig. 1: Alert prompt on SMS to premium numbers

This is indeed a very good way of handling the existing problem. However, the logic of prompting this alert needs more analysis.

The prompt is triggered by a regular-expression-based pattern matcher. The pattern varies with the country in which the SIM card is registered. For example, if the victim device has a SIM card registered in the US, the check is enforced only if the destination short code is five digits long and matches the regular expression designed to identify US short codes. This is a great approach, as it strikes a perfect balance between usability and security.

Currently, only a few country-specific pattern matchers are implemented, especially for those regions where the largest number of mobile threat incidents has been reported.

Second, this feature is available only in the most recent version, whereas most active devices will not get this luxury unless they choose to get it through a third-party app.
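
The country-keyed matching described above, sketched in Python as an added example; it is not Android's source code. The pattern table is constructed: the `us` entry follows the five-digit description in this post, `yy` and `zz` are made-up country codes, and stripping spaces and hyphens before matching is an assumption.

```python
import re
from collections import Counter
from enum import Enum


class Decision(Enum):
    PROMPT = "hold for user confirmation"
    ALLOW = "send silently (not a short code)"
    NO_MATCHER = "send silently (no pattern for SIM country)"


# Constructed table keyed by SIM country. "us" mirrors the post's description
# (five-digit short codes); "yy" is a made-up country with four-digit codes.
SHORT_CODE_PATTERNS = {
    "us": re.compile(r"\d{5}"),
    "yy": re.compile(r"\d{4}"),
}


def normalize(destination):
    """Drop spaces and hyphens (assumed normalization); a leading '+' is kept."""
    return re.sub(r"[\s-]", "", destination)


def classify(sim_country, destination):
    """Decide whether an outgoing SMS should be held for a user prompt."""
    pattern = SHORT_CODE_PATTERNS.get((sim_country or "").lower())
    if pattern is None:
        # No matcher for this country: the check never fires at all.
        return Decision.NO_MATCHER
    # fullmatch, not search: a ten-digit subscriber number contains five
    # consecutive digits and would be flagged by a substring match.
    if pattern.fullmatch(normalize(destination)):
        return Decision.PROMPT
    return Decision.ALLOW


def coverage(sends):
    """Tally decisions over (sim_country, destination) pairs."""
    return Counter(classify(country, dest) for country, dest in sends)


# Constructed sample of outgoing messages, not real traffic.
SAMPLE_SENDS = [
    ("us", "12345"), ("US", "123-45"), ("us", "+1 202-555-0143"),
    ("us", "1234"), ("yy", "1234"), ("zz", "12345"),
]

if __name__ == "__main__":
    for country, dest in SAMPLE_SENDS:
        print(f"{country:>2} {dest:<16} -> {classify(country, dest).value}")
```

The `NO_MATCHER` count is the number of sends that went out with no check at all because the SIM country has no pattern, which is the coverage gap noted above.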