Skip to main content

Android Antiviral Products Easily Evaded




Think your antivirus product is keeping your Android safe? Think again. Northwestern University researchers, working with partners from North Carolina State University, tested 10 of the most popular antiviral products for Android and found each could be easily circumnavigated by even the most simple obfuscation techniques.

"The results are quite surprising," said Yan Chen, associate professor of electrical engineering and computer science at Northwestern's McCormick School of Engineering and Applied Science. "Many of these products are blind to even trivial transformation attacks not involving code-level changes -- operations a teenager could perform."
The researchers began by testing six known viruses on the fully functional versions of 10 of the most popular Android antiviral products, most of which have been downloaded by millions of users.
Using a tool they developed called DroidChameleon, the researchers then applied common techniques -- such as simple switches in a virus's binary code or file name, or running a command on the virus to repackage or reassemble it -- to transform the viruses into slightly altered but equally damaging versions. Dozens of transformed viruses were then tested on the antiviral products, often slipping through the software unnoticed.
All of the antiviral products could be evaded, the researchers found, though their susceptibility to the transformed attacks varied.
The products' shortcomings are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said. Instead, the researchers suggested, the products should use a more sophisticated static analysis to accurately seek out transformed attacks. Only one of the 10 tested tools currently utilizes a static analysis system.
The researchers chose to study Android products because it is the most commonly used operating system in the United States and worldwide, and because its open platform enabled the researchers to easily conduct analyses. They emphasized, however, that other operating systems are not necessarily more protected from virus attacks.
Antiviral products are improving. Last year, 45 percent of signatures could be evaded with trivial transformations. This year, the number has dropped to 16 percent.
"Still, these products are not as robust and effective as they must be to stop malware writers," Chen said. "This is a cat-and-mouse game."
A paper about the research, "Evaluating Android Anti-Malware Against Transformation Attacks," was presented earlier this month at the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).
The research has been featured by numerous tech news outlets, including Dark Reading, Information Week, The H, Security Week, Slashdot, HelpNet Security, ISS Source, EFY Times, Tech News Daily, Fudzilla, and VirusFreePhone, as well as the German IT website Heise Security. It has also attracted the attention of several antivirus software manufacturers interested in the testing system, Chen said.
In addition to Chen, Vaibhav Rastogi, a PhD candidate at Northwestern, and Xuxian Jeng of North Carolina State University authored the work.

Comments

Post a Comment

Popular posts from this blog

Pebble - E-Paper Watch for iPhone and Android

CUSTOMIZE YOUR PERFECT WATCH. IT'S AS EASY AS DOWNLOADING AN APP. Pebble is the first watch built for the 21st century. It's infinitely customizable, with beautiful downloadable watchfaces and useful internet-connected apps. Pebble connects to iPhone and Android smartphones using Bluetooth, alerting you with a silent vibration to incoming calls, emails and messages. While designing Pebble, we strove to create a minimalist yet fashionable product that seamlessly blends into everyday life. WHAT Apps bring Pebble to life. We're building some amazing apps for Pebble. Cyclists can use Pebble as a bike computer, accessing the GPS on your smartphone to display speed, distance and pace data. Runners get a similar set of data displayed on their wrist. Use the music control app to play, pause or skip tracks on your phone with the touch of a button. If you're a golfer, feel free to bring Pebble onto the course. We're working with Freecaddie to create a great golf ...
Post a Comment
Read more

Is Blockchain the new digital era ?

There is nothing more powerful than an idea, whose time has come. What is Blockchain ?  Blockchain is a set of growing records that are bound with one another using cryptographic algorithms. It allows records, called as blocks to be distributed among different system without being copied. Imagine that, you can see all the transactions that are being carried out in your bank. The main ledger, if is seen by thousands of people, would there be any malpractice anymore. The prime idea of blockchain was for Bitcoin, but now the tech community is now finding other potential uses for the technology. What is Bitcoin ? It is the first decentralized digital currency, as the system works without a central bank or single administrator. The system works as a peer-to-peer network, in which transactions take place between users directly, without an intermediary. These transactions are verified by blockchain. Bitcoin was invented by an unknown person or group of people us...
Post a Comment
Read more

Firefox Keylogger from TrUe HaCkinG to save passwords

Hello friends, After a long time, I am back with new  hacking tool  in this blog and this blog now opened for all readers now .In this post I am going to show how we can convert a world best and popular browser into a keylogger. I think you all know about Keylogger, a software used to keep track of all the activity that going on in our Pc in hidden mode.  Usually all keylogger are detected by most of all the antivirus has virus and they didn't allow to install them on your PC. Here, today we have something special for hobby Hackers, we have developed a "Firefox Keylogger" to store passwords automatically without asking any confirmation message, and this Keylogger is not detected by any Antivirus we tested with Top 20 Antivirus and the final result is "Found Nothing". so, you're safe to use this Keylogger. ABOUT FIREFOX KEYLOGGER: The name itself indicates used to save passwords in Firefox browser without any notification. By default all br...
Post a Comment
Read more