North Carolina State University researchers have developed new software, called Practical Root Exploit Containment (PREC), with the sole purpose of detecting mobile malware that attempts to run root exploits on Android devices. Root exploits take control of the operating system's system administration functions, giving the hacker unrestricted control of the user's smartphone.
That means an application that has no permission to read your messages, contacts or GPS location will, after getting root access, be able to steal any data from your device.
Anomaly detection is an existing detection technique that compares the behavior of a downloaded smartphone application, such as Google Chrome, with a database of how the application is expected to behave. "When deviations from normal behavior are detected, PREC analyses them to determine if they are malware or harmless 'false positives.'"
PREC uses refined anomaly detection techniques to avoid giving false positives. "Anomaly detection isn't new, and it has a problematic history of reporting a lot of false positives," said Dr Will Enck, co-author of the research paper.
PREC targets code written in the C language, which is usually used by hackers to create malware, and can identify calls made to native C code from a Java program.
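
As an added illustration (not PREC's code or algorithm, and not from the researchers), the sketch below shows profile-based anomaly detection restricted to native-code activity. It assumes behavior is recorded as system-call names tagged by origin and uses a simple n-gram profile as a stand-in technique; the traces, threshold and function names are constructed for the example.

```python
# Added example: n-gram behavior profile, native-only vs. all events.
Event = tuple[str, str]  # (origin, syscall); origin is "java" or "native"

def calls_of(trace: list[Event], native_only: bool) -> list[str]:
    """Keep every call, or only those issued from native C code."""
    return [call for origin, call in trace if origin == "native" or not native_only]

def ngrams(calls: list[str], n: int = 3) -> set[tuple[str, ...]]:
    return {tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)}

def build_profile(traces: list[list[Event]], native_only: bool) -> set:
    """The 'database' of expected behavior, learned from benign runs."""
    profile: set = set()
    for trace in traces:
        profile |= ngrams(calls_of(trace, native_only))
    return profile

def anomaly_score(trace: list[Event], profile: set, native_only: bool) -> float:
    """Fraction of observed n-grams that the profile has never seen."""
    seen = ngrams(calls_of(trace, native_only))
    return len(seen - profile) / len(seen) if seen else 0.0

def is_anomalous(trace, profile, native_only, threshold: float = 0.3) -> bool:
    return anomaly_score(trace, profile, native_only) >= threshold

# Constructed traces (not captured from any real app or exploit).
NATIVE_OK = [("native", c) for c in ("mmap", "read", "write", "munmap")]
TRAIN = [
    [("java", "open"), ("java", "read"), ("java", "close")] + NATIVE_OK,
    [("java", "open"), ("java", "read"), ("java", "read"), ("java", "close")] + NATIVE_OK,
]
# Benign run: new Java-side behavior, native side unchanged.
BENIGN_NEW = [("java", c) for c in ("socket", "connect", "sendto", "close")] + NATIVE_OK
# Suspicious run: the native side deviates from anything in training.
SUSPECT = [("java", "open"), ("java", "read"), ("java", "close")] + [
    ("native", c) for c in ("mmap", "mprotect", "setuid", "execve")
]

ALL_PROFILE = build_profile(TRAIN, native_only=False)
NATIVE_PROFILE = build_profile(TRAIN, native_only=True)

if __name__ == "__main__":
    for name, trace in (("benign_new", BENIGN_NEW), ("suspect", SUSPECT)):
        print(name,
              "all-events:", is_anomalous(trace, ALL_PROFILE, False),
              "native-only:", is_anomalous(trace, NATIVE_PROFILE, True))
```

On these constructed traces the all-events monitor flags the benign run as well as the suspicious one, while the native-only monitor flags only the suspicious one.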
The researchers tested a prototype of the tool on the Google Galaxy Nexus device against 150 Android apps, of which 10 contained root exploits. “We can achieve 100 percent detection rate and raised false alarms in one out of 140 popular apps tested,” he said.
Malware writers have developed techniques that hide malware until the application is installed on the smartphone. Thanks to Google, most apps in the Android Play store are pretty clean, but the best protection is common sense: ensure you only install apps from trusted sources.