Gaming the system: Tetromino-based covert channels and their impact on mobile security

Research Article

Efstratios Vasilellis, Vasileios Botsos, Argiro Anagnostopoulou, and Dimitris Gritzalis

This is a preprint; it has not been peer reviewed by a journal.
https://doi.org/10.21203/rs.3.rs-4006082/v1
This work is licensed under a CC BY 4.0 License
Status: Under Review
Version 1 posted 9

Abstract

Trojan droppers consistently emerge as formidable malware threats, particularly within the Android ecosystem. Traditional malware detection strategies focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite rigorous efforts to fortify network defenses against such droppers, these measures inadvertently highlight the necessity for exploring unconventional infiltration methodologies.

This study expands on covert channel attacks, proposing the utilization of gaming platforms, notably the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we facilitate the delivery and execution of malicious payloads on target devices within 3 to 7 minutes. This process is enabled by integrating the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm and mapping Tetromino shapes to a Meterpreter payload, thereby innovating payload delivery via gameplay suggestions. Our work provides a novel covert channel attack methodology which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and prudent management of application permissions.

Keywords: Covert Channels, Malicious Payloads, Logic Bomb, Smartphones, Games, Infiltration

Additional Declarations

No competing interests reported.
Editorial decision (Revision requested): 01 May, 2024
Reviews received at journal: 01 May, 2024
Reviews received at journal: 31 Mar, 2024
Reviewers agreed at journal: 12 Mar, 2024
Reviewers agreed at journal: 11 Mar, 2024
Reviewers invited by journal: 11 Mar, 2024
Submission checks completed at journal: 05 Mar, 2024
Editor assigned by journal: 05 Mar, 2024
First submitted to journal (International Journal of Information Security): 02 Mar, 2024