MALWARE PROOF ON MOBILE PHONE EXHIBITS BASED ON GSM/GPRS TRACES

This paper presents a system for proving the existence of malware on mobile phones that are exhibits in a criminal investigation. The system masquerades as a legitimate GSM/GPRS network and is thus able to intercept and process all traffic sent from and received by the mobile. Eavesdropping on the complete traffic is important, as mobile malware applications use IP as well as SMS messages for communication. Some malware apps even check the type of IP connectivity and require both GPRS and GSM to be present in order to work correctly. The proposed system intercepts the traffic in a simulated GSM/GPRS environment and additionally provides a connection to the real Internet or to a simulated one. After the traffic has been recorded, it is post-processed using various filter options and presented in the form of an HTML report for further analysis.
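As an added example (not the paper's own code), the post-processing stage described above: a recorded trace mixing GSM-side SMS events and GPRS-side IP flows is filtered by bearer, event kind and peer, correlated in time around one event, and rendered as an HTML report. The record layout and all sample values are constructed for the illustration.

```python
# Added example: post-processing a recorded GSM/GPRS trace (not the paper's code).
# Record fields ("t", "bearer", "kind", "peer", "info") and all values are
# constructed; a real capture would be parsed into the same shape.
import html
from collections import Counter

# Constructed trace: what the interception system would have logged.
TRACE = [
    {"t": "12:00:01", "bearer": "GSM",  "kind": "SMS_MO", "peer": "+490000000001",   "info": "REG 8a3f"},
    {"t": "12:00:04", "bearer": "GPRS", "kind": "IP",     "peer": "203.0.113.10:80", "info": "GET /cfg"},
    {"t": "12:00:05", "bearer": "GPRS", "kind": "IP",     "peer": "203.0.113.10:80", "info": "200 <script>"},
    {"t": "12:00:09", "bearer": "GSM",  "kind": "SMS_MT", "peer": "+490000000001",   "info": "CMD send"},
]

def filter_events(events, bearer=None, kind=None, peer=None):
    """Return the events matching every filter that is not None."""
    return [e for e in events
            if (bearer is None or e["bearer"] == bearer)
            and (kind is None or e["kind"] == kind)
            and (peer is None or e["peer"] == peer)]

def bearers_seen(events):
    """Count events per bearer; a sample that needs both GSM and GPRS shows
    activity on both, which is why the capture must cover both sides."""
    return Counter(e["bearer"] for e in events)

def to_seconds(t):
    """'HH:MM:SS' -> seconds since midnight."""
    h, m, s = (int(x) for x in t.split(":"))
    return h * 3600 + m * 60 + s

def around(events, anchor, window_s):
    """Events within +/- window_s seconds of anchor: used to see what IP
    activity follows an SMS, or which SMS preceded a connection."""
    t0 = to_seconds(anchor["t"])
    return [e for e in events if abs(to_seconds(e["t"]) - t0) <= window_s]

def build_report(events, title="GSM/GPRS trace"):
    """Render events as an HTML table. Every field is escaped so that a
    captured payload cannot inject markup into the analyst's report."""
    cols = ("t", "bearer", "kind", "peer", "info")
    head = "".join(f"<th>{c}</th>" for c in cols)
    rows = "".join("<tr>" + "".join(f"<td>{html.escape(str(e[c]))}</td>"
                                    for c in cols) + "</tr>" for e in events)
    return (f"<html><body><h1>{html.escape(title)}</h1>"
            f"<table><tr>{head}</tr>{rows}</table></body></html>")

if __name__ == "__main__":
    print(build_report(filter_events(TRACE, bearer="GPRS"), "GPRS only"))
```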