Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers

Research Article

An Analysis of the iKee.B iPhone Botnet

Download
545 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-17502-2_12,
        author={Phillip Porras and Hassen Sa\~{n}di and Vinod Yegneswaran},
        title={An Analysis of the iKee.B iPhone Botnet},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={},
        doi={10.1007/978-3-642-17502-2_12}
    }
    
  • Phillip Porras
    Hassen Saïdi
    Vinod Yegneswaran
    Year: 2012
    An Analysis of the iKee.B iPhone Botnet
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-17502-2_12
Phillip Porras1,*, Hassen Saïdi1,*, Vinod Yegneswaran1,*
  • 1: SRI International
*Contact email: porras@csl.sri.com, saidi@csl.sri.com, vinod@csl.sri.com

Abstract

We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on November 25, 2009. The bot client was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. This report details the logic and function of iKee’s scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.