Android antiviral products easily evaded, study says

May 30, 2013
Evaluating anti-malware. Credit: Yan Chen

Think your antivirus product is keeping your Android safe? Think again. Northwestern University researchers, working with partners from North Carolina State University, tested 10 of the most popular antiviral products for Android and found each could be easily circumvented by even the simplest obfuscation techniques.

"The results are quite surprising," said Yan Chen, associate professor of and at Northwestern's McCormick School of Engineering and Applied Science. "Many of these products are blind to even trivial transformation attacks not involving code-level changes—operations a teenager could perform."

The researchers began by testing six known on the fully functional versions of 10 antiviral products.

Using a tool they developed called DroidChameleon, the researchers then applied common techniques—such as simple switches in a virus's or file name, or running a command on the virus to repackage or reassemble it—to transform the viruses into slightly altered but equally damaging versions. Dozens of transformed viruses were then tested on the antiviral products, often slipping through the software unnoticed.

All of the antiviral products could be evaded, the researchers found, though their to the transformed attacks varied.

The products' shortcomings are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said. Instead, the researchers suggested, the products should use a more sophisticated static analysis to accurately seek out transformed attacks. Only one of the 10 tested tools currently utilizes a static analysis system.
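An added illustration, not taken from the paper or from DroidChameleon, of why the signatures described above are brittle: an APK is a ZIP archive, so a hash of the raw package or a match on entry names changes after a rename or repackage, while a signature built from the decompressed entry contents does not. The function names and placeholder bytes are constructed for this sketch, and it covers only renaming and repackaging; a transformation that changes the bytes of an entry would still defeat it.

```python
import hashlib
import io
import zipfile

def build_package(entries, when, method):
    """Build an in-memory ZIP (an APK is a ZIP archive) from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(zipfile.ZipInfo(name, date_time=when), data, compress_type=method)
    return buf.getvalue()

def whole_file_signature(pkg):
    """Brittle: hash of the raw package bytes."""
    return hashlib.sha256(pkg).hexdigest()

def name_signature(pkg):
    """Brittle: the set of entry names in the package."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        return frozenset(zf.namelist())

def content_signature(pkg):
    """Sturdier: hashes of decompressed entry contents only (no names, order, times)."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        return frozenset(hashlib.sha256(zf.read(i)).hexdigest() for i in zf.infolist())

def matches(known, candidate, threshold=1.0):
    """True when at least `threshold` of the known content hashes reappear."""
    return len(known & candidate) / len(known) >= threshold

# Constructed placeholder bytes: not real malware and not a real APK.
SAMPLE = [("classes.dex", b"PLACEHOLDER-CODE"),
          ("assets/config.bin", b"PLACEHOLDER-DATA"),
          ("res/icon.png", b"PLACEHOLDER-ICON")]
# Same contents after a rename, reorder, new timestamp and recompression.
VARIANT = [("res/icon.png", b"PLACEHOLDER-ICON"),
           ("assets/settings.bin", b"PLACEHOLDER-DATA"),
           ("classes.dex", b"PLACEHOLDER-CODE")]
UNRELATED = [("classes.dex", b"OTHER-CODE"), ("res/icon.png", b"OTHER-ICON")]
KNOWN_PKG = build_package(SAMPLE, (2013, 1, 1, 0, 0, 0), zipfile.ZIP_STORED)
VARIANT_PKG = build_package(VARIANT, (2013, 5, 30, 0, 0, 0), zipfile.ZIP_DEFLATED)
UNRELATED_PKG = build_package(UNRELATED, (2013, 5, 30, 0, 0, 0), zipfile.ZIP_DEFLATED)

def compare(pkg):
    """(whole-file match, name match, content match) against KNOWN_PKG."""
    return (whole_file_signature(pkg) == whole_file_signature(KNOWN_PKG),
            name_signature(pkg) == name_signature(KNOWN_PKG),
            matches(content_signature(KNOWN_PKG), content_signature(pkg)))
```

Calling `compare(VARIANT_PKG)` shows the two brittle signatures missing the repackaged copy while the content-based one still matches it.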

The researchers chose to study Android products because it is the most commonly used operating system in the United States and worldwide, and because its enabled the researchers to easily conduct analyses. They emphasized, however, that other operating systems are not necessarily more protected from virus attacks.

Antiviral products are improving. Last year, 45 percent of signatures could be evaded with trivial transformations. This year, the number has dropped to 16 percent.

"Still, these products are not as robust and effective as they must be to stop malware writers," Chen said. "This is a cat-and-mouse game."

More information: A paper about the research, "Evaluating Android Anti-Malware Against Transformation Attacks," was presented earlier this month at the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).

User comments : 2

Eikka
3 / 5 (1) May 30, 2013
One of the drawbacks is that Android often runs on underpowered hardware like cellphones and other mobile devices, making it difficult to design a comprehensive virus scanner for it without making it more harmful than the virus itself - a problem that is prevalent in desktop computers where most major antivirus programs bog the system down to the point where it harms usability and makes the device appear broken.
alfie_null
not rated yet May 31, 2013
One of the drawbacks is that Android often runs on underpowered hardware like cellphones and other mobile devices, making it difficult to design a comprehensive virus scanner for it without making it more harmful than the virus itself - a problem that is prevalent in desktop computers where most major antivirus programs bog the system down to the point where it harms usability and makes the device appear broken.

Rather, drawback of phones and tablets, in general. I'd agree about desktops too. I kind-of view antivirus software as increasingly marketing hype rather than effective virus control any more. It's becoming far too easy to concoct viral software that can evade antivirus technology nowadays.
