Friday 2 October 14:30 - 15:00, Small talksAlfonso Muñoz (11paths - Telefonica)
Antonio Guzmán (11paths - Telefonica)The significance of the side-channels in cybersecurity has led the evolution of some of the most recognized threats in recent years. These side-channels are usually employed to send or receive data and they can be defined in several ways. However, sometimes they require some subterfuge to hide the real purpose of the information. In this contribution we explore the potential of a known technique, called steganography, to exploit different mobile application stores as side-channels. Two alternatives have been explored: the propagation of stego-malware in these app stores and the possibility to develop an APT using these hidden channels. Focusing on the usage of images to hide payloads, our tests show that stego-malware is a real problem. We have analysed more than 2 million apps and over 7 million potential stego-images. And we can demonstrate that, with current steganalysis technology, it is feasible to use these app stores as side-channels.Click here for more details about the conference.