Here is the proof of concept code for smartphone botnet C&C over SMS from Shmoocon 2011. This is for the Android platform. If you are looking to work with iPhone contact me directly. I don’t have access to an iPhone at this time to properly test the PoC code for iPhone. So I’m not releasing such code publicly at this time. However, the same concept of proxying the modem and application layer to make smartphone bots is known to work for iPhone.
Download the Shmoocon slides here: http://www.grmn00bs.com
Download the code here: http://www.grmn00bs.com
Compile with arm-gcc with the -static flag set.
Copy to anywhere on the underlying OS that is writable (/data is good).
Rename /dev/smd0 to /dev/smd0real
Start the bot application
Kill the radio application (ps | grep rild)
The radio will automatically respawn and now the bot proxy will be working.
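For anyone auditing a handset rather than building the bot, the steps above leave a recognisable footprint: a renamed /dev/smd0real node and a /dev/smd0 that is no longer a character device. The following shell check is an added example (not part of the original release) that looks for exactly that layout; it assumes the stock Android /dev naming used above and takes the directory as a parameter so it can be pointed at a copy or a test tree.

```shell
#!/bin/sh
# Audit an Android /dev directory for the smd0 proxy layout.
# Returns 0 when the modem node looks untouched, 1 when something is off.
# DEVDIR defaults to /dev; pass another path to check a copied tree.
audit_smd0() {
    devdir="${1:-/dev}"
    status=0
    # 1. The bot renames the real modem node to smd0real; its mere
    #    presence is the strongest signal.
    if [ -e "$devdir/smd0real" ]; then
        echo "SUSPICIOUS: $devdir/smd0real exists (renamed modem node)"
        status=1
    fi
    # 2. The genuine smd0 is a character device. A FIFO, socket or plain
    #    file in its place means something sits between rild and the modem.
    if [ ! -e "$devdir/smd0" ]; then
        echo "SUSPICIOUS: $devdir/smd0 is missing"
        status=1
    elif [ ! -c "$devdir/smd0" ]; then
        echo "SUSPICIOUS: $devdir/smd0 is not a character device"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $devdir/smd0 layout looks untouched"
    return "$status"
}

# Best-effort companion: list every process holding an smd0* node open.
# Normally only rild should appear; a second holder (the proxy) or rild
# attached to a non-device is worth a look. Needs root to read /proc/*/fd.
list_smd0_holders() {
    for p in /proc/[0-9]*; do
        for f in "$p"/fd/*; do
            target=$(readlink "$f" 2>/dev/null) || continue
            case "$target" in
                *smd0*) echo "pid ${p#/proc/}: $f -> $target" ;;
            esac
        done
    done
}
```

Run `audit_smd0` first, then `list_smd0_holders` as root if the layout check flags anything.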
This proof of concept code has payloads removed, so the functionality you see in the demos will need to be added manually. Add your own stuff. Have fun and please share it with me if you do something interesting. Usual disclaimers apply. The proof of concept swallows botnet related messages based on a key that you can change, but it does not perform potentially malicious payloads as seen in the demos.
Credit: Georgia Weidman