Security boffins slip past Google Bouncer

Powered by SC Magazine
 

New app store security checkpoint misses malicious app.

Researchers have slipped malware past the new Android app store security control, and mapped its environment.

Google revealed the Bouncer control in February as a means of scanning the Android market for malicious software, without requiring developers to go through an Apple-like application approval process.

Uploaded apps would be analysed for known malware and malicious behaviour via a sandbox on Google’s cloud infrastructure.

Bouncer would also evict developers known as repeat offenders.

But security boffins Jon Oberheide and Charlie Miller have demonstrated how malicious code could be obfuscated within an application to skirt Bouncer and be uploaded to the Google Play Store.

The demonstration, to be presented at the US SummerCon event this week, also mapped out and fingerprinted the Bouncer infrastructure environment after it ran dynamic analysis of the booby-trapped app and granted an interactive remote shell.

Oberheide and Miller obtained Bouncer’s kernel version, the guts of its filesystem, and data on emulated devices run within its environment.

“So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device,” Oberheide said.

Last year, Android device activations grew 250 percent while app store downloads topped 11 billion. But the bypass wasn’t a death knell for Bouncer.

“While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities,” Oberheide said.

Android engineering cheif Hiroshi Lockheimer said of Bouncer that "no security approach is foolproof, and added scrutiny can often lead to important improvements."

"Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe."

The researchers had advised Google of the bypass and were assisting the Android security team to develop a fix.

Copyright © SC Magazine, Australia


Security boffins slip past Google Bouncer
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 768

Vote