Malware in motion

Robert Choudhury; Zhiyuan Luo; Khuong An Nguyen

Malware in motion

Robert Choudhury, Zhiyuan Luo, Khuong An Nguyen

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time.

To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent.

We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried using a physical device with the novel use of Android's Activity Recognition API.

Original language	English
Title of host publication	8th International Conference on Information Systems Security and Privacy (ICISSP 2022)
Number of pages	10
Publication status	Published - 9 Feb 2022
Event	8th International Conference on Information Systems Security and Privacy (ICISSP 2022) - Duration: 9 Feb 2022 → 11 Feb 2022 https://icissp.scitevents.org

Conference

Conference	8th International Conference on Information Systems Security and Privacy (ICISSP 2022)
Period	9/02/22 → 11/02/22
Internet address	https://icissp.scitevents.org

Keywords

Dynamic Analysis
Reverse Turing
Mobile Security

Access to Document

malware_in_motionAccepted author manuscript, 842 KBLicence: CC BY-ND

Cite this

@inproceedings{c606367c575b4a449f3d011c169d86ac,

title = "Malware in motion",

abstract = "Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time.To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent.We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried using a physical device with the novel use of Android's Activity Recognition API.",

keywords = "Dynamic Analysis, Reverse Turing, Mobile Security",

author = "Robert Choudhury and Zhiyuan Luo and Nguyen, {Khuong An}",

year = "2022",

month = feb,

day = "9",

language = "English",

booktitle = "8th International Conference on Information Systems Security and Privacy (ICISSP 2022)",

note = "8th International Conference on Information Systems Security and Privacy (ICISSP 2022) ; Conference date: 09-02-2022 Through 11-02-2022",

url = "https://icissp.scitevents.org",

}

TY - GEN

T1 - Malware in motion

AU - Choudhury, Robert

AU - Luo, Zhiyuan

AU - Nguyen, Khuong An

PY - 2022/2/9

Y1 - 2022/2/9

N2 - Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time.To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent.We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried using a physical device with the novel use of Android's Activity Recognition API.

AB - Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time.To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent.We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried using a physical device with the novel use of Android's Activity Recognition API.

KW - Dynamic Analysis

KW - Reverse Turing

KW - Mobile Security

M3 - Conference contribution with ISSN or ISBN

BT - 8th International Conference on Information Systems Security and Privacy (ICISSP 2022)

T2 - 8th International Conference on Information Systems Security and Privacy (ICISSP 2022)

Y2 - 9 February 2022 through 11 February 2022

ER -

Malware in motion

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this