Academic Journal

Gaming the system: tetromino-based covert channel and its impact on mobile security.

Bibliographic Details
العنوان: Gaming the system: tetromino-based covert channel and its impact on mobile security.
Authors: Vasilellis, Efstratios; Botsos, Vasileios; Anagnostopoulou, Argiro; Gritzalis, Dimitris
Source: International Journal of Information Security; Aug 2024, Vol. 23 Issue 4, p3007-3027, 21p
Subject Terms: ARCADE games, VIDEO game consoles, HYPNOTISM, GAMIFICATION, GAMES
Abstract: Trojan droppers consistently emerge as challenging malware threats, particularly within the Android ecosystem. Traditional malware detection approaches focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite efforts to harden network defenses against such droppers, malicious threat actors keep exploring unconventional infiltration approaches. This study expands on covert channel attacks, proposing the use of gaming platforms, like the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game's Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we deliver and execute malicious payloads on target devices within 3 to 7 min. This is achieved by combining the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm, and mapping Tetromino blocks to a Meterpreter payload to innovatively deliver malicious payloads via gameplay suggestions. Our work provides a novel covert channel attack which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and human oversight during dynamic malware analysis. [ABSTRACT FROM AUTHOR]
Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Description
ISSN: 1615-5262
DOI: 10.1007/s10207-024-00875-3