By Sherri Davidoff   /   Jul 26th, 2013

Cellular Intrusion Detection System (CIDS) DIY | LMG Security

LMG’s researchers have created the world’s first proof-of-concept cellular intrusion detection system (CIDS), which will enable enterprise security professionals to detect hacked smartphones cheaply and effectively, even in BYOD environments. Click here to download the full whitepaper with details.


  • Hacked smartphones pose extreme risks to national security. Infected smartphones can record surrounding audio, intercept text messages, capture location and usage data, and send all that stolen data back to an attacker.
  • For less than $300, LMG created a CIDS by modifying a Verizon Samsung femtocell and redirecting traffic to a server running the open-source intrusion detection software (Snort).
  • LMG then infected a smartphone with the Android.Stels malware and developed custom-written Snort rules to detect it.
  • LMG’s CIDS successfully detected and alerted upon the infection and the malware’s subsequent command-and-control (C&C) communications with the attacker’s server.
  • No software needs to be installed on the smartphone itself.
  • LMG also found a weakness in the Android.Stels malware’s C&C channel and remotely took control of the bot over the network.
  • LMG’s project demonstrates that low-cost cellular intrusion detection systems (CIDSs) are not only possible but also an inexpensive and effective way to combat mobile malware.

Click here for the whitepaper with full details on how to build your own DIY Cellular IDS.

UPDATE: Source code released! Check out the CellularIDS repository on SourceForge.

More info:
** Full details were released Thursday, August 1 2013 at the Black Hat Conference: https://www.blackhat.com/us-13/briefings.html#Davidoff
** Email [email protected] for questions and interviews.
** Video demonstration to follow. Check back soon!

About the Author

Sherri Davidoff

Sherri Davidoff is the CEO of LMG Security and the author of “Data Breaches: Crisis and Opportunity.” As a recognized expert in cybersecurity, she has been called a “security badass” by the New York Times. Sherri is a regular instructor at the renowned Black Hat trainings and a faculty member at the Pacific Coast Banking School. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), and has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.” Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and received her degree in Computer Science and Electrical Engineering from MIT. Her latest book, “Ransomware and Cyber Extortion,” will be published this year.