Sophisticated memory-resident malware that targets mobile phone platforms can be extremely difficult to detect and capture. However, triggering volatile memory captures based on observable system side-effects exhibited by malware can harvest live memory that contains memory-resident malware. This chapter describes a novel approach for capturing memory-resident malware on an Android device for future analysis. The approach is demonstrated by making modifications to the Android debuggerd daemon to capture memory while a vulnerable process is being exploited on a Google Nexus 5 phone. The implementation employs an external hardware device to store a memory capture after successful exfiltration from the compromised mobile device.
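As an added illustration of the capture step (example code, not from the paper and not Android's debuggerd source), the following C program shows the userspace primitive a crash-triggered memory capture relies on: walk /proc/<pid>/maps and copy every readable mapping out of /proc/<pid>/mem. To stay self-contained it snapshots its own process and checks that a runtime-built marker is recoverable from the dump; the function names and the /tmp output path are this example's own assumptions, and a debuggerd-style hook would run the same routine against the crashing target process.

```c
// Added example, not the paper's code: the acquisition primitive a crash-triggered debuggerd
// hook relies on. Walks /proc/<pid>/maps and copies each readable mapping out of /proc/<pid>/mem.
#define _GNU_SOURCE   /* memmem */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
/* Copy every readable mapping of pid into out_path; returns bytes written, or -1 on error. */
long dump_readable_memory(pid_t pid, const char *out_path) {
    char path[64], line[512]; static unsigned char buf[1 << 16];
    snprintf(path, sizeof path, "/proc/%d/maps", (int)pid);
    FILE *maps = fopen(path, "r");
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int mem = open(path, O_RDONLY);
    FILE *out = fopen(out_path, "wb");
    long total = (maps && mem >= 0 && out) ? 0 : -1;
    while (total >= 0 && fgets(line, sizeof line, maps)) {
        unsigned long start, end; char perms[5];    /* maps line: "7f..-7f.. rw-p ..." */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 || perms[0] != 'r') continue;
        for (unsigned long off = start; off < end; ) {
            ssize_t got = pread(mem, buf, end - off < sizeof buf ? end - off : sizeof buf, (off_t)off);
            if (got <= 0) break;    /* [vvar]/[vsyscall] or a page unmapped under us: skip the rest */
            total += (long)fwrite(buf, 1, (size_t)got, out);
            off += (unsigned long)got;
        }
    }
    if (maps) fclose(maps); if (mem >= 0) close(mem); if (out) fclose(out);
    return total;
}
/* Return 1 if the n-byte needle occurs anywhere in the file at path. */
int file_contains(const char *path, const void *needle, size_t n) {
    FILE *f = fopen(path, "rb"); if (!f) return 0;
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    unsigned char *data = sz > 0 ? malloc((size_t)sz) : NULL;
    size_t rd = data ? fread(data, 1, (size_t)sz, f) : 0;
    fclose(f);
    int found = rd >= n && memmem(data, rd, needle, n) != NULL;
    free(data);
    return found;
}
/* Plant a runtime-built marker, snapshot this process, confirm the marker is in the dump. */
int demo_self_capture(void) {
    const char *out = "/tmp/self_capture.bin";   /* example path, not from the paper */
    unsigned char marker[32];
    for (int i = 0; i < 32; i++) marker[i] = (unsigned char)('A' + (i * 7) % 26);
    int ok = dump_readable_memory(getpid(), out) > 0 && file_contains(out, marker, 32);
    unlink(out); return ok;
}
```

Because the demo dumps the very process doing the dumping, its own 64 KB copy buffer and stdio buffers show up in the output; capturing a foreign target avoids that artifact but requires ptrace-level access to the target, which debuggerd has on Android.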
Grimmett, Z., Staggs, J., & Shenoi, S. (2019). Retrofitting mobile devices for capturing memory-resident malware based on system side-effects. In IFIP Advances in Information and Communication Technology (Vol. 569, pp. 59–72). Springer New York LLC. https://doi.org/10.1007/978-3-030-28752-8_4