New technology to help users combat mobile malware attacks

March 27, 2015 by Katherine Shonesy

University of Alabama at Birmingham researchers have developed simple but effective techniques to prevent sophisticated malware from secretly attacking smartphones. This new malware defense is being presented at the IEEE International Conference on Pervasive Computing and Communications, or PerCom, today in St. Louis.

As mobile phones increase in functionality, they are becoming increasingly ubiquitous in everyday life. At the same time, these devices also are becoming easy targets for malicious activities.

One of the primary reasons for this growth in malicious activity is users' willingness to download applications from untrusted sources that may host apps with hidden malicious code. Once installed on a smartphone, such malware can exploit it in various ways.

For example, it can access the smartphone's resources to learn sensitive information about the user, secretly use the camera to spy on the user, make premium-rate phone calls without the user's knowledge, or use a Near Field Communication, or NFC, reader to scan for physical credit cards within its vicinity.

Such malware already is prevalent, and researchers and practitioners anticipate that this and other forms of malware will become one of the greatest threats affecting millions of smartphone users in the near future.

"The most fundamental weakness in mobile device security is that the security decision process is dependent on the user," said Nitesh Saxena, Ph.D., the director of the Security and Privacy In Emerging computing and networking Systems (SPIES) Lab and an associate professor of computer and information sciences in the College of Arts and Sciences at UAB. "For instance, when installing an Android app, the user is prompted to choose whether or not the application should have permissions to access a given service on the phone. The user may be in a rush or distracted, or maybe it is the user's kid who has the phone. Whatever the case may be, it is a well-known problem that people do not look at these warnings; they just click 'yes.'"

Current operating systems provide inadequate security against these malware attacks, putting the burden of prevention upon the user. The current anti-virus systems are ineffective against such constantly evolving malware. UAB pursued research to find a mechanism that would defend against mobile malware that can exploit critical and sensitive mobile device services, especially focusing on the phone's calling service, camera and NFC.

This study, from researchers within the UAB College of Arts and Sciences Department of Computer and Information Sciences and the Center for Information Assurance and Joint Forensics Research, explains how the natural hand gestures associated with three primary smartphone services (calling, snapping and tapping) can be detected, and can withstand attacks, using the motion, position and ambient sensors available on most smartphones together with machine learning classifiers.

If a human user attempts to access a service, the gesture will be present and access will be allowed. In contrast, if a malware program makes the access request, the gesture will be missing and access will be blocked.

To demonstrate the effectiveness of this approach, researchers collected data from multiple phone models and multiple users in real-life or near real-life scenarios, simulating benign settings and adversarial scenarios.

The results showed that the three gestures can be detected with a high overall accuracy and can be distinguished from one another and from other benign or malicious activities to create a viable malware defense.

"In this method, something as simple as a human gesture can solve a very complex problem," Saxena said. "It turns the phone's weakest security component—the user—into its strongest defender."

The research team believes that, in the future, transparent gestures associated with other services, such as sending SMS or email, also can be integrated with this system. The researchers also aim to commercialize this technology in the near future.
