Securing Smart Phones Against Malicious Exploits

Malformed messages in different protocols pose a serious threat because they are used to remotely launch malicious activity. Furthermore, they are capable of crashing - sometimes with one message only - servers and end points. Recently it is shown that a malformed SMS can crash a mobile phone or gain unfettered access to it. In contrast, little research is done to protect mobile phones against malformed SMS messages. In this paper, we propose an SMS malformed message detection framework that extracts novel syntactical features from SMS messages at the GSM layer of a smart phone. Our framework operates in four steps: (1) analyzes the syntax of SMS protocol, (2) extracts syntactical features from SMS messages and represents them in a suffix tree, (3) uses well-known feature selection schemes to remove redundancy in the features' set, and (4) uses standard distance measures to raise the final alarm. The benefit of our framework is that it is lightweight - requiring less processing and memory resources - and provides high detection rate and small false alarm rate. We have evaluated our system on a real-world SMS dataset consisting of more than 5000 benign and malformed SMS messages. The results of our experiments demonstrate that our framework achieves more than 99% detection rate with less than 0.005% false alarm rate. Last but not least, its training and testing times are 0.035 and 0.01 seconds per SMS respectively; as a result, it can be easily deployed on resource constrained smart phones or mobile devices.