Detection of Social Media Exploitation via SMS and Camera

Internet users all over the world are highly exposed to social media exploitation and are vulnerable to being targeted by this kind of cyber-attack. Furthermore, excessive use of social media leads to Internet Addiction Disorder (IAD). Fortunately, social media exploitation and IAD can be monitored and controlled closely through the surveillance features of the user's mobile phone, which are camera, SMS, audio, geolocation (GPS) and call log. To address these challenges, this paper presents five (5) Application Programming Interfaces (APIs) and four (4) permissions for SMS and camera that are most widely used by social media applications. These 9 APIs and permissions matched 2.7% of the APIs and permissions in the training dataset that are related to SMS and camera. The experiment was conducted using hybrid analysis, which combines static analysis and dynamic analysis, with a training dataset of 1926 samples from Brunswick. These 9 APIs and permissions, if misused by an attacker, could lead to privacy concerns for a mobile device. The findings of this paper can be used as guidance and reference for the formation of new mobile malware detection techniques and models in the future.


Introduction
The human desire to browse social media on a mobile phone to get the latest information, communicate with friends and play games is currently becoming a trend. Unfortunately, excessive use of social media could lead to Internet Addiction Disorder (IAD) and depression. In 2018, the World Health Organization (WHO) declared gaming as one of the conditions in the International Classification of Diseases (ICD-11). Hence, it is not impossible that social media addiction will in future be categorized as a mental disorder, due to its implications for serious depression and lifestyle.
In a smartphone, 5 main surveillance features could be exploited by an attacker: SMS, camera, call log, geolocation (GPS) and audio. Attackers can monitor the user's movement and steal confidential information via these surveillance features. In earlier days, the Short Message Service (SMS) was one of the main mechanisms used by many users for communication. SMS is still being used for communication and for authentication in online banking. Apart from SMS, the camera has become an important element in smartphone selection due to our current lifestyle. A picture can be disseminated to social media in just a second. Different platforms such as iOS and Android are implemented in different smartphones, and Android has been ranked as the most used worldwide. As a result, it is the platform most targeted by attackers and malware, due to its open-source distribution [1]. Malware is defined as software that infects devices without the owner's consent for malicious purposes, and it can be categorised as virus, worm, Trojan horse, adware, spyware, botnet or ransomware. So far, mobile botnets have posed the most serious impact to smartphone users. For example, in August 2017, the WireX botnet spread among users from 100 countries; it infected advertising software and launched DDoS attacks. It hid under system processes and was taken down from the Play Store with the help of Akamai, Flashpoint and Oracle Dyn [2]. In an Android smartphone, every application has limited capability to use smartphone resources, and it needs to request permissions and use Application Programming Interfaces (APIs) to perform any task. For example, once a mobile application (app) is installed, it will request permission to use SMS and camera during installation or first execution. Once the user grants this permission, the app has the authority to send related information and requests via SMS and camera.
Features such as API and permission are seen as an opportunity for exploitation [3]. Existing works by [4][5][6][7][8][9][10][11][12] showed the significance of API and permission usage for exploitation and malware detection. These works used different analysis techniques such as static analysis, dynamic analysis or hybrid analysis. In the work from [12], MalDozer is proposed to detect malware on different IoT devices, with API as the input. In 2018, works by [13][14][15][16][17] also applied API and permission. A summary of the work from 2018 is given in Table 1. Nonetheless, none of these works focus on social media app exploitation.

Performance issue related with dataset.
[13] API and permission. This paper presents how to defend against poisoning attacks from malware efficiently. Improvement needed for feature selection and classifier.
[14] API and permission. This paper presents malware detection based on accuracy, recall and F-measure. Performance issue related with the feature selection of the permission list.
[15] API and permission. This paper presents a model based on computational processes. Improvement for limitation of malware classification based on binary format.
[16] API. This paper presents malware detection for anti-virus scanner evasion. Performance issue related with training dataset.

applications (apps) have been selected for the experiment of our paper. These social media apps are chosen due to their significant impact on Internet users' lifestyle and privacy concerns. Therefore, this paper aims to identify the APIs and permissions that could be used for exploitation specifically through SMS and camera. This paper is organized as follows: Section 2 presents the methodology used in this research, Section 3 describes the experimental findings, and Section 4 summarizes the research work.

Methodology
Fig. 1 illustrates the lab setup for the experiment and Table II lists the software used. Prior to the matching step for the extracted APIs and permissions, a dataset of 1926 from Brunswick was downloaded for training purposes [18]. 328 APIs and permissions for mobile botnets were reverse engineered using hybrid analysis and compared with the APIs and permissions extracted from the social media apps. Hybrid analysis is the combination of static analysis and dynamic analysis. For this experiment, hybrid analysis is used to ensure that everything is fully extracted from the apps. Only 1500 of the 1926 training dataset are fully functioning for the analysis. For testing, 5 social media apps were selected; their names are sanitized and displayed as anonymous in this paper to avoid any conflict of interest. These social media apps are among the top 5 in the world with the highest usage.

Show Java Application / APKtool: It is used to decompile the APK resource file and extract permissions.
Java Decompiler: It is used to extract APIs.

Findings
The following are the findings of API and permission classification for SMS and camera for mobile botnet from the training dataset and possible exploitation of API and permission in social media apps.
The nominal data in Table III to Table VIII represent each feature by a symbol. Table VIII presents 4 permissions extracted from the social media apps that matched and could be associated with SMS and camera exploitation from the training dataset.

Q132: Writes user's contact information.
Q45: Accesses the camera.
Q88: Reads from external storage.
Q133: Writes to external storage.
Q48: Captures video recording.

The significance of having 328 APIs and permissions (the combination of Table III and VI) from the mobile botnet training dataset is that they can be used as guidance for mobile app developers on how attackers could exploit the smartphone via API and permission. Furthermore, from the analysis, 29 APIs and permissions (from Table IV and Table VII) are related to SMS and camera. This represents 8.8% of the training dataset and could be used for SMS and camera exploitation. From the 5 selected social media apps, only a total of 9 permissions and APIs matched the extracted APIs and permissions from Table IV and Table VII. This represents 2.7% of the training dataset. These SMS and camera APIs and permissions might pose privacy and financial risks for smartphone users.
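The matching step from the Methodology and the ratios reported above can be reproduced in a few lines. The following is an added example, not code from the paper: it extracts permissions from a manifest decoded by APKtool and API calls from decompiled smali, then matches them against a reference feature set. The reference set, the sample manifest and the smali lines are constructed assumptions; the paper's own Table IV and Table VII entries are not available on this page.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed reference features; the paper's Table IV/VII entries are not on the page.
REFERENCE = {
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.CAMERA": "camera",
    "android.permission.WRITE_EXTERNAL_STORAGE": "camera",  # assumed: stores captures
    "Landroid/telephony/SmsManager;->sendTextMessage": "sms",
    "Landroid/hardware/Camera;->open": "camera",
    "Landroid/media/MediaRecorder;->setVideoSource": "camera",
}

# Constructed sample inputs (not taken from any real app).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""
SMALI = """
invoke-static {}, Landroid/hardware/Camera;->open()Landroid/hardware/Camera;
invoke-virtual {v0, v1}, Landroid/media/MediaRecorder;->setVideoSource(I)V
invoke-virtual {v2}, Ljava/lang/String;->length()I
"""

INVOKE = re.compile(r"invoke-\S+\s+\{[^}]*\},\s+(L[\w/$]+;->[\w<>$]+)\(")

def extract_permissions(manifest_xml):
    # The manifest comes from an untrusted APK: refuse DTDs (entity expansion).
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD not allowed in manifest")
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return names - {None}

def extract_api_calls(smali_text):
    # Collect the "Lclass;->method" target of every invoke-* instruction.
    return set(INVOKE.findall(smali_text))

def match_features(manifest_xml, smali_text, reference=REFERENCE):
    # Returns the matched features and their share of the reference set (%).
    found = extract_permissions(manifest_xml) | extract_api_calls(smali_text)
    hits = {f: reference[f] for f in found if f in reference}
    return hits, round(100 * len(hits) / len(reference), 1)
```

The percentage is computed the same way as the paper's figures: matched features divided by the size of the reference set (9 of 328 gives 2.7%).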

Conclusion
The experiment showed that social media apps could be an attacker's target for SMS and camera exploitation. Since Android-based applications are open source, malware may camouflage itself as a legitimate mobile application. The significant finding of this paper is the identification of normal APIs and permissions for SMS and camera, and of the possible exploitation of those APIs and permissions. This extracted classification can be used as input or as a database for the development of a mobile application for detecting social media exploitation.