Researchers from North Carolina State University have developed a new tool to detect and contain malware that attempts root exploits in Android devices. The tool improves on previous techniques by targeting code written in the C programming language – which is often used to create root exploit malware, whereas the bulk of Android applications are written in Java.
Root exploits take over the system administration functions of an operating system, such as Android. A successful Android root exploit effectively gives hackers unfettered control of a user’s smartphone.
The new security tool is called Practical Root Exploit Containment (PREC). It refines an existing technique called anomaly detection, which compares the behavior of a downloaded smartphone application (or app), such as Angry Birds, with a database of how the application should be expected to behave.
When deviations from normal behavior are detected, PREC analyzes them to determine if they are malware or harmless “false positives.” If PREC determines that an app is attempting root exploit, it effectively contains the malicious code and prevents it from being executed.
“Anomaly detection isn’t new, and it has a problematic history of reporting a lot of false positives,” says Dr. Will Enck, an assistant professor of computer science at NC State and co-author of a paper on the work. “What sets our approach apart is that we are focusing solely on C code, which is what most – if not all – Android root exploits are written in.”
“Taking this approach has significantly driven down the number of false positives,” says Dr. Helen Gu, an associate professor of computer science at NC State and co-author of the paper. “This reduces disturbances for users and makes anomaly detection more practical.”
The researchers are hoping to work with app vendors, such as Google Play, to establish a database of normal app behavior.
Most app vendors screen their products for malware, but malware programmers have developed techniques for avoiding detection – hiding the malware until users have downloaded the app and run it on their smartphones.
The NC State research team wants to take advantage of established vendor screening efforts to create a database of each app’s normal behavior. This could be done by having vendors incorporate PREC software into their app assessment processes. The software would take the app behavior data and create an external database, but would not otherwise affect the screening process.
“We have already implemented the PREC system and tested it on real Android devices,” Gu says. “We are now looking for industry partners to deploy PREC, so that we can protect Android users from root exploits.”
The paper, “PREC: Practical Root Exploit Containment for Android Devices,” will be presented at the Fourth ACM Conference on Data and Application Security and Privacy being held March 3-5 in San Antonio, Texas. Lead author of the paper is former NC State graduate student Tsung-Hsuan Ho. The paper was co-authored by Daniel Dean, a Ph.D. student in Gu’s lab at NC State.
The work was supported by the National Security Agency; U.S. Army Research Office grant W911NF-10-1-0273; National Science Foundation grants CNS-1149445, CNS-1253346, and CNS-1222680; IBM Faculty Awards and Google Research Awards.
Note to Editors: The paper abstract follows.
“PREC: Practical Root Exploit Containment for Android Devices”
Authors: Tsung-Hsuan Ho, Daniel J. Dean, Xiaohui Gu, and William Enck, North Carolina State University
Presented: March 3-5 at the Fourth ACM Conference on Data and Application Security and Privacy in San Antonio, Texas.
Abstract: Application markets such as the Google Play Store and the Apple App Store have become the de facto method of distributing software to mobile devices. While official markets dedicate significant resources to detecting malware, state-of-the-art malware detection can be easily circumvented using logic bombs or checks for an emulated environment. We present a Practical Root Exploit Containment (PREC) framework that protects users from such conditional malicious behavior. PREC can dynamically identify system calls from high-risk components (e.g., third-party native libraries) and execute those system calls within isolated threads. Hence, PREC can detect and stop root exploits with high accuracy while imposing low interference to benign applications. We have implemented PREC and evaluated our methodology on 140 most popular benign applications and 10 root exploit malicious applications. Our results show that PREC can successfully detect and stop all the tested malware while reducing the false alarm rates by more than one order of magnitude over traditional malware detection algorithms. PREC is light-weight, which makes it practical for runtime on-device root exploit detection and containment.
Matt Shipman | EurekAlert!
The Flexible Grid Involves its Users
27.09.2016 | Fraunhofer-Institut für Angewandte Informationstechnik FIT
Optical fiber transmits one terabit per second – Novel modulation approach
16.09.2016 | Technische Universität München
Friction stir welding is a still-young and thus often unfamiliar pressure welding process for joining flat components and semi-finished components made of light metals.
Scientists at the University of Stuttgart have now developed two new process variants that will considerably expand the areas of application for friction stir welding.
Technologie-Lizenz-Büro (TLB) GmbH supports the University of Stuttgart in patenting and marketing its innovations.
Friction stir welding is a still-young and thus often unfamiliar pressure welding process for joining flat components and semi-finished components made of...
Optical quantum computers can revolutionize computer technology. A team of researchers led by scientists from Münster University and KIT now succeeded in putting a quantum optical experimental set-up onto a chip. In doing so, they have met one of the requirements for making it possible to use photonic circuits for optical quantum computers.
Optical quantum computers are what people are pinning their hopes on for tomorrow’s computer technology – whether for tap-proof data encryption, ultrafast...
The Fraunhofer Institute for Organic Electronics, Electron Beam and Plasma Technology FEP has been developing various applications for OLED microdisplays based on organic semiconductors. By integrating the capabilities of an image sensor directly into the microdisplay, eye movements can be recorded by the smart glasses and utilized for guidance and control functions, as one example. The new design will be debuted at Augmented World Expo Europe (AWE) in Berlin at Booth B25, October 18th – 19th.
“Augmented-reality” and “wearables” have become terms we encounter almost daily. Both can make daily life a little simpler and provide valuable assistance for...
With the help of artificial intelligence, chemists from the University of Basel in Switzerland have computed the characteristics of about two million crystals made up of four chemical elements. The researchers were able to identify 90 previously unknown thermodynamically stable crystals that can be regarded as new materials. They report on their findings in the scientific journal Physical Review Letters.
Elpasolite is a glassy, transparent, shiny and soft mineral with a cubic crystal structure. First discovered in El Paso County (Colorado, USA), it can also be...
For the first time, Fraunhofer IKTS shows additively manufactured hardmetal tools at WorldPM 2016 in Hamburg. Mechanical, chemical as well as a high heat resistance and extreme hardness are required from tools that are used in mechanical and automotive engineering or in plastics and building materials industry. Researchers at the Fraunhofer Institute for Ceramic Technologies and Systems IKTS in Dresden managed the production of complex hardmetal tools via 3D printing in a quality that are in no way inferior to conventionally produced high-performance tools.
Fraunhofer IKTS counts decades of proven expertise in the development of hardmetals. To date, reliable cutting, drilling, pressing and stamping tools made of...
29.09.2016 | Event News
28.09.2016 | Event News
27.09.2016 | Event News
29.09.2016 | Materials Sciences
29.09.2016 | Materials Sciences
29.09.2016 | Interdisciplinary Research