Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Researchers have slipped malware past the new Android app store security control, and mapped its environment.
Google revealed the Bouncer control in February as a means of scanning the Android market for malicious software, without requiring developers to go through an Apple-like application approval process. Uploaded apps would be analysed for known malware and malicious behaviour via a sandbox on Google’s cloud infrastructure.
Bouncer would also evict developers known as repeat offenders.
But security boffins Jon Oberheide and Charlie Miller have demonstrated how malicious code could be obfuscated within an application to skirt Bouncer and be uploaded to the Google Play Store.
The demonstration, to be presented at the US SummerCon event this week, also mapped out and fingerprinted the Bouncer infrastructure environment after it ran dynamic analysis of the booby-trapped app and granted an interactive remote shell.
Oberheide and Miller obtained Bouncer’s kernel version, the guts of its filesystem, and data on emulated devices run within its environment.
“So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device,” Oberheide said.
Last year, Android device activations grew 250 percent while app store downloads topped 11 billion. But the bypass wasn’t a death knell for Bouncer.
“While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities,” Oberheide said.
Android engineering cheif Hiroshi Lockheimer said of Bouncer that "no security approach is foolproof, and added scrutiny can often lead to important improvements."
"Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe."
The researchers had advised Google of the bypass and were assisting the Android security team to develop a fix.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.