CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones

Apu Kapadia

Apu Kapadia - Indiana University

Nov 30, 2011

Size: 447.9MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


We introduce Soundcomber, a "sensory malware" for smartphones that uses the microphone to steal private information from phone conversations. Soundcomber is lightweight and stealthy. It uses targeted profiles to locally analyze portions of speech likely to contain information such as credit card numbers. It evades known defenses by transferring small amounts of private data to the malware server utilizing smartphone-specific covert channels. Additionally, we present a general defensive architecture that prevents such sensory malware attacks.

About the Speaker

Apu Kapadia is an Assistant Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University. He received his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign in October 2005. Following his doctorate, Prof. Kapadia joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies, and then as a Member of Technical Staff at MIT Lincoln Laboratory.

Prof. Kapadia is interested in topics related to systems' security and privacy. He is particularly interested in privacy-enhancing technologies such as anonymizing networks, usable models and policy languages for privacy, security in peer-to-peer networks, and applied cryptography.j

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.