These tiny programs on Internet-connected mobile phones are increasingly becoming entryways for surveillance and fraud. Computer scientists from the center for IT-Security, Privacy and Privacy, CISPA, have developed a program that can show users whether the apps on their smartphone are accessing private information, and what they do with that data. This year, the researchers will present an improved version of their system again at the CeBIT computer fair in Hanover (Hall 9, Booth E13).
RiskIQ, an IT security-software company, recently examined 350,000 apps that offer monetary transactions, and found more than 40,000 of these specialized programs to be little more than scams. Employees had downloaded the apps from around 90 recognized app store websites worldwide, and analyzed them.
They discovered that a total of eleven percent of these apps contained malicious executable functions – they could read along personal messages, or remove password protections. And all this would typically take place unnoticed by the user.
Computer scientists from Saarbrücken have now developed a software system that allows users to detect malicious apps at an early stage. This is achieved by scanning the program code, with an emphasis on those parts where the respective app is accessing or transmitting personal information. The monitoring software will detect whether a data request is related to the subsequent transmission of data, and will flag the code sequence in question as suspicious accordingly.
“Imagine your address book is read out, and hundreds of lines of code later, without you noticing, your phone will send your contacts to an unknown website,” Erik Derr says. Derr is a PhD student at the Graduate School for Computer Science at Saarland University, and a researcher at the Saarbrücken Research Center for IT Security, CISPA. An important feature of the software he developed is its ability to monitor precisely which websites an app is accessing, or which phone number a text message was sent to.
To conclusively detect these functional relationships between the data source and the recipient, the researchers use contemporary methods of information flow analysis. They set their program up in advance with a list of suspicious code combinations that access programming interfaces, so that it would learn to differentiate between “good” and “evil” apps, and additionally fed it with details of currently known attacks. “So it can be helpful, for instance, to know the telephone numbers of these expensive premium services. Say one of these numbers is dialed without the consent of the user, then the fraud is obvious,” Derr explains.
Since his method is computationally demanding and also requires a lot of memory space, the software is run on a dedicated server. “It takes our software an average of 25 minutes per app,” Derr says. So far, his research team has tested around 23,000 apps in this manner. And of course, consumers will benefit most from this approach. “The app could be analyzed on our server, and the results would be displayed on your smartphone. Or ideally, the evaluation process could be integrated directly into the app store websites,” explains Derr. This is one of the reasons the Saarbrücken researchers are already discussing the issue with US online retail company Amazon. “But Google would certainly be an option as well,”, says Derr.
Background Information on Computer Science in Saarbrücken
The Department of Computer Science represents the center of computer science research in Saarbrücken. Seven other internationally renowned research institutes are nearby: The Max Planck Institutes for Informatics and for Software Systems, the German Research Center for Artificial Intelligence (DFKI), the Center for Bioinformatics, the Intel Visual Computing Institute, the Center for IT Security, Privacy and Accountability (CISPA), and the Cluster of Excellence “Multimodal Computing and Interaction”.
Center For IT Security, Privacy and Accountability CISPA
Phone: +49 681 302 57368
Competence Center Computer Science Saarland
Phone: +49 681 302-70741
Information for Radio Journalists: Phone interviews with Saarland University scientists can be conducted in studio quality using the Radio Codec (via direct-dial IP connection, or the ARD Sternpunkt 106813020001). Interview requests can be made via our press department (+49 681 302-2601).
Melanie Löw | Universität des Saarlandes
Mobile learning, artificial intelligence and digital training formats in science and research
04.12.2018 | time4you GmbH
Smart medical technology is waiting in the wings: COMPAMED 2018 showed marketable innovations
29.11.2018 | IVAM Fachverband für Mikrotechnik
What if a sensor sensing a thing could be part of the thing itself? Rice University engineers believe they have a two-dimensional solution to do just that.
Rice engineers led by materials scientists Pulickel Ajayan and Jun Lou have developed a method to make atom-flat sensors that seamlessly integrate with devices...
Scientists at the University of Stuttgart and the Karlsruhe Institute of Technology (KIT) succeed in important further development on the way to quantum Computers.
Quantum computers one day should be able to solve certain computing problems much faster than a classical computer. One of the most promising approaches is...
New Project SNAPSTER: Novel luminescent materials by encapsulating phosphorescent metal clusters with organic liquid crystals
Nowadays energy conversion in lighting and optoelectronic devices requires the use of rare earth oxides.
Scientists have discovered the first synthetic material that becomes thicker - at the molecular level - as it is stretched.
Researchers led by Dr Devesh Mistry from the University of Leeds discovered a new non-porous material that has unique and inherent "auxetic" stretching...
Scientists from the Theory Department of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science (CFEL) in Hamburg have shown through theoretical calculations and computer simulations that the force between electrons and lattice distortions in an atomically thin two-dimensional superconductor can be controlled with virtual photons. This could aid the development of new superconductors for energy-saving devices and many other technical applications.
The vacuum is not empty. It may sound like magic to laypeople but it has occupied physicists since the birth of quantum mechanics.
06.12.2018 | Event News
03.12.2018 | Event News
28.11.2018 | Event News
07.12.2018 | Life Sciences
07.12.2018 | Materials Sciences
07.12.2018 | Physics and Astronomy