Enhancing Stealthiness & Efficiency of Android Trojans and Defense Possibilities (EnSEAD) - Android's Malware Attack, Stealthiness and Defense: An Improvement
Frontiers of Information Technology (2011)
Dec. 19, 2011 to Dec. 21, 2011
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/FIT.2011.35
In this work, we have studied the Android architecture from a security point of view. We have studied various defense mechanisms that are present in the current Android platform or have recently been proposed. We took inspiration from Soundcomber -- a recent Android Trojan that steals sensitive information using various techniques. We enhanced the capabilities of Soundcomber in terms of its stealthiness and efficiency in malicious communication by identifying a new covert channel and incorporating basic compression. We then developed a new Android Trojan -- Contact Archiver (which steals user contacts) -- that inherits properties from Soundcomber, i.e. it uses few and innocuous permissions, circumvents already-known security defenses, and conveys information remotely without direct network access, and that also incorporates the enhancements proposed by us. We also propose some defense possibilities to detect Contact Archiver's covert communication. Our future work will be to block security attacks performed using our enhancements when they are used in any Android malware.
android, security, trojan, malware, mobile phone security, covert channel
H. Ali, Z. Anwar and M. Ali, "Enhancing Stealthiness & Efficiency of Android Trojans and Defense Possibilities (EnSEAD) - Android's Malware Attack, Stealthiness and Defense: An Improvement," Frontiers of Information Technology (FIT), Islamabad, Pakistan, 2011, pp. 148-153.