Security boffins slip past Google Bouncer

Powered by SC Magazine
 

New app store security checkpoint misses malicious app.

Researchers have slipped malware past the new Android app store security control, and mapped its environment.

Google revealed the Bouncer control in February as a means of scanning the Android market for malicious software, without requiring developers to go through an Apple-like application approval process.

Uploaded apps would be analysed for known malware and malicious behaviour via a sandbox on Google’s cloud infrastructure.

Bouncer would also evict developers known as repeat offenders.

But security boffins Jon Oberheide and Charlie Miller have demonstrated how malicious code could be obfuscated within an application to skirt Bouncer and be uploaded to the Google Play Store.

The demonstration, to be presented at the US SummerCon event this week, also mapped out and fingerprinted the Bouncer infrastructure environment after it ran dynamic analysis of the booby-trapped app and granted an interactive remote shell.

Oberheide and Miller obtained Bouncer’s kernel version, the guts of its filesystem, and data on emulated devices run within its environment.

“So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device,” Oberheide said.

Last year, Android device activations grew 250 percent while app store downloads topped 11 billion. But the bypass wasn’t a death knell for Bouncer.

“While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities,” Oberheide said.

Android engineering cheif Hiroshi Lockheimer said of Bouncer that "no security approach is foolproof, and added scrutiny can often lead to important improvements."

"Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe."

The researchers had advised Google of the bypass and were assisting the Android security team to develop a fix.

Copyright © SC Magazine, Australia


Security boffins slip past Google Bouncer
 
 
 
Top Stories
Don’t mention digital disruption to David Whiteing
Buzzwords don’t curry favour with CBA's new CIO - it’s all just innovation to him.
 
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
 
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft launches Office for Android preview
May 22, 2015
Microsoft has launched a preview of Office for Android smartphones. Pre-release versions of ...
Microsoft is working on an iOS email chat feature called Flow
May 22, 2015
Microsoft is working on a new chat app, but at the moment we know more about what we DON'T know, ...
Windows 10 free upgrade: Microsoft details who gets what
May 22, 2015
Microsoft was meant to be streamlining its OS with Windows 10, so why is upgrading so confusing? ...
Windows 10 has an edition to suit everyone's needs
May 15, 2015
Microsoft unveils a mind-melting six editions of Windows 10 ahead of its Winter 2015 launch. ...
Firefox 38 FINAL released, debuts new tab-based preferences
May 13, 2015
Mozilla has unveiled the latest version of Firefox 38.0 FINAL for desktop, with Firefox for ...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  42%
 
No
  58%
TOTAL VOTES: 579

Vote