Android Fails in Mobile Malware Research - InformationWeek
Larry Seltzer

Android Fails in Mobile Malware Research

There are many more malware-infected Android devices out there than you might think. It's all because the Android ecosystem and Google Play store are more friendly to malware and exploits than iOS and the Apple App Store, or Windows 8, Windows Phone and the Windows Store. There is some reason, though not much, to think things will improve for Android in the near future.

Android malware appears to be more widespread than I had thought. I was alerted to that fact recently with a reference to a story in Biztech referring to research done by Dan Guido, Co-Founder and CEO of Trail of Bits. The firm is an independent information security company. (Guido's co-founders are Alex Sotirov and Dino Dai Zovi, both well-known and respected mobile security researchers.)

The stand-out number in the research has to do with the extent of malware-tainted Android devices: "Our research has determined that out of the 300 million Android devices out there, the presence of malware has been discovered on about a million of them. That's a significant number." A million? I'd call that significant.

Trail of Bits conducted the research from December, 2011 to March, 2012. The base number of devices has undoubtedly grown quite a bit since. Has the number of malware-infected systems grown proportionately? Guido says that of course it has, and there's little reason to think otherwise.

First, about the attacks themselves. On Android, attacks are almost all privilege escalation attacks carried out by malicious apps that the user has installed deliberately, lured by a web site or by an app in an app store. Trail of Bits followed 100 attack campaigns, 30 of which were on the Google Play store.

Privilege Escalation, in the context of mobile technology, is better-known as a "jailbreak." The program exploits a vulnerability in the operating system to change its own privilege level, allowing it to evade restrictions on lesser-privileged programs. Exploits are generally easier to write on Android than on Apple's iOS for a variety of reasons described by Trail of Bits.

Very few specific vulnerabilities were used in the malware found by Trail of Bits, and all of them had available patches. This raises one of the major problems with vulnerability mitigation in Android as opposed to iOS or Windows: Google relies on carriers and OEMs to distribute operating system version upgrades. Google can't force these companies to distribute new versions even if those new versions carry significant security improvements.

In fact, the carriers and OEMs have a strong incentive not to upgrade phones they have already sold: It gives buyers an incentive to buy a new phone because the new phones have all the improvements in the new operating systems, even if their older devices are capable of running the newer versions.

Samsung has acknowledged a serious vulnerability in the Android kernel for the Exynos processors in many of its phones, including the Samsung Galaxy S3.

Users who want to upgrade their own phones can do so by rooting them (the Android term for jailbreaking) and installing a custom ROM from one of many sources, such as CyanogenMod. But not many users have the patience or skills to do this.

Google introduced several important security advances in Android version 4.0 (Ice Cream Sandwich) but, according to Google, as of December 3, 2012, only 34.2 percent of Android devices are running version 4.0 or later. Version 4 was released to the public (and handset makers) October 19, 2011, so it's been around for a while.

Distribution of Android versions in installed devices based on the number of Android devices that have accessed Google Play within a 14-day period ending on December 3, 2012.

Another important tool for mitigating vulnerabilities is Google Chrome, the alternative browser now available on Android. The standard Android browser is not as advanced or secure as Chrome, and as of version 4.1 (Jelly Bean) Chrome is the default browser on Android.

These advances will make many classes of exploits much harder to execute, but not privilege escalation attacks. For now, the main way to stop those is by vetting apps at the store or through reputation systems. Unfortunately, as Trail of Bits explains in depressing detail, the controls on app submissions to the Google Play store are as weak as Apple's are strong:

Next Page: Apple rules are strict, Google's lax; what about Microsoft?
