Android antiviral products easily evaded, study says

May 30, 2013
Evaluating anti-malware. Credit: Yan Chen

Think your antivirus product is keeping your Android safe? Think again. Northwestern University researchers, working with partners from North Carolina State University, tested 10 of the most popular antiviral products for Android and found each could be easily circumvented by even the simplest obfuscation techniques.

"The results are quite surprising," said Yan Chen, associate professor of and at Northwestern's McCormick School of Engineering and Applied Science. "Many of these products are blind to even trivial transformation attacks not involving code-level changes—operations a teenager could perform."

The researchers began by testing six known on the fully functional versions of 10 antiviral products.

Using a tool they developed called DroidChameleon, the researchers then applied common techniques—such as simple switches in a virus's or file name, or running a command on the virus to repackage or reassemble it—to transform the viruses into slightly altered but equally damaging versions. Dozens of transformed viruses were then tested on the antiviral products, often slipping through the software unnoticed.

All of the antiviral products could be evaded, the researchers found, though their to the transformed attacks varied.

The products' shortcomings are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said. Instead, the researchers suggested, the products should use a more sophisticated static analysis to accurately seek out transformed attacks. Only one of the 10 tested tools currently utilizes a static analysis system.
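
The brittleness described above can be seen in a small sketch. This is an added example, not code from the researchers' paper or from DroidChameleon; the package contents and function names are constructed for illustration. It compares a signature over raw package bytes with one over normalized entry contents, and covers only repackaging and file renaming, not code-level changes.

```python
import hashlib
import io
import zipfile

def build_package(entries, level):
    """Build an in-memory ZIP (APK-like container) from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED, compresslevel=level) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()

def file_hash_signature(package):
    """Naive content-based signature: hash of the raw package bytes."""
    return hashlib.sha256(package).hexdigest()

def normalized_signature(package):
    """Hash of the sorted per-entry content digests, so entry names, entry
    order, timestamps and compression settings do not affect the result."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        digests = sorted(hashlib.sha256(zf.read(info)).digest()
                         for info in zf.infolist())
    return hashlib.sha256(b"".join(digests)).hexdigest()

# Constructed, harmless placeholder content standing in for a known sample.
ORIGINAL = [("classes.dex", b"placeholder code bytes" * 50),
            ("res/icon.png", b"placeholder image bytes" * 20)]
# Same content repackaged: entries reordered, one file renamed, recompressed.
REPACKAGED = [("res/logo.png", ORIGINAL[1][1]), ("classes.dex", ORIGINAL[0][1])]
# Different content: an unrelated package that must not match.
UNRELATED = [("classes.dex", b"other code bytes" * 50)]

def compare():
    """Return which signature schemes still match after repackaging."""
    known = build_package(ORIGINAL, 9)
    repacked = build_package(REPACKAGED, 1)
    other = build_package(UNRELATED, 9)
    return {
        "file_hash_match": file_hash_signature(known) == file_hash_signature(repacked),
        "normalized_match": normalized_signature(known) == normalized_signature(repacked),
        "false_positive": normalized_signature(known) == normalized_signature(other),
    }

if __name__ == "__main__":
    print(compare())
```

The raw-bytes signature no longer matches the repackaged container, while the normalized one does and still rejects the unrelated package.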

The researchers chose to study Android products because it is the most commonly used operating system in the United States and worldwide, and because its enabled the researchers to easily conduct analyses. They emphasized, however, that other operating systems are not necessarily more protected from virus attacks.

Antiviral products are improving. Last year, 45 percent of signatures could be evaded with trivial transformations. This year, the number has dropped to 16 percent.

"Still, these products are not as robust and effective as they must be to stop malware writers," Chen said. "This is a cat-and-mouse game."

More information: A paper about the research, "Evaluating Android Anti-Malware Against Transformation Attacks," was presented earlier this month at the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).

User comments : 2

Eikka
3 / 5 (1) May 30, 2013
One of the drawbacks is that Android often runs on underpowered hardware like cellphones and other mobile devices, making it difficult to design a comprehensive virus scanner for it without making it more harmful than the virus itself - a problem that is prevalent in desktop computers where most major antivirus programs bog the system down to the point where it harms usability and makes the device appear broken.

alfie_null
not rated yet May 31, 2013
"One of the drawbacks is that Android often runs on underpowered hardware like cellphones and other mobile devices, making it difficult to design a comprehensive virus scanner for it without making it more harmful than the virus itself - a problem that is prevalent in desktop computers where most major antivirus programs bog the system down to the point where it harms usability and makes the device appear broken."

Rather, drawback of phones and tablets, in general. I'd agree about desktops too. I kind-of view antivirus software as increasingly marketing hype rather than effective virus control any more. It's becoming far too easy to concoct viral software that can evade antivirus technology nowadays.