Security Week has an interesting article on Android anti-virus software. In summary, most Android anti-virus software relies on signature based analysis that’s easily fooled using simple obfuscation techniques. Obfuscation is more usually used by developers to hide source code from hackers but it can be used by the hackers themselves to transform code into new code that is less likely to be detected by today’s anti-virus software.
The article is based on a paper by North Western University on Evaluating Android Anti-malware against Transformation Attacks (pdf). The authors advocate more research into ways of detecting malware on smartphones. Such methods might include heuristic static analysis of code, crowd sourcing/cluster-analysis of apps system calls and analysis of app power consumption.
- App Vulnerabilities
- App Data Protection and Security
- Mobile Payments, Security and Convenience
- SSL Apps Vulnerable to Attack
- Top Threats to Mobile Computing
- Mercury Android Security Assessment
- Android Vulnerability
- Mobile a Rising Security Threat
- Security of Third Party Login Tokens
- Android IPSec and Hardware Emissions