The Inquirer-Home

EPSRC hands £3m to researchers to fight malicious Android apps

Two university research teams join with McAfee to fight app attackers
Fri Feb 28 2014, 11:31
Man in balaclava using laptop

SECURITY RESEARCHERS have been granted £3m by the Engineering and Physical Sciences Research Council (EPSRC) to help battle malicious apps in smartphones.

In a bid to "enhance the UK's cyber-security", the dosh will fund two research teams at the Royal Holloway University of London and City University London, Coventry and Swansea Universities, which have teamed up with McAfee.

We've known for some time that Google's Android mobile operating system (OS) is beset by cyber criminals. Last year, Trend Micro reported that there are so many malicious apps on Android that the malware count was well on its way to hit the million mark before the end of the year. 

More recently, mobile security firm Lookout said that hackers targeting mobile platforms are becoming more crafty, shifting their activities to new mobile scams to evade measures put in place by security companies.

The research team at the Royal Holloway University of London will be headed by Dr Lorenzo Cavallaro, a lecturer in the Information Security Group. Cavallaro's research team will study the behaviour of apps on Android operating systems and develop techniques to spot malicious apps.

"They will use this information to enrich or enhance devices to counteract attacks," the EPSRC said.

"We're used to considering our phones as a trusted, private channel of communication, and suitable to receive authentication information to access specific online services," added Lorenzo. "Unfortunately, this information can be leaked or abused by colluding malware if the mobile device is infected."

The second research team at City University London, Swansea and Coventry universities will be headed by professor Tom Chen, focusing on app collusion detection. This team will develop new techniques to detect colluding apps and hopes to head off the threat of apps' collusion before it becomes widespread.

Chen said, "Currently almost all academic and industry efforts are focusing on single malicious apps; almost no attention has been given to colluding apps. Existing antivirus products are not designed to detect collusion."

The team apparently is working primarily on Android due to its open design and flexibility to download apps from a variety of sources.

"Because its security depends on restricting apps by combining digital signatures, sandboxing, and permissions, these restrictions can be bypassed without the user noticing by colluding apps whose combined permissions allow them to carry out attacks that neither app could carry out alone," added the EPSRC.

McAfee, which is now a division of Intel Security, will help the teams by providing the security researchers with access to a library of safe apps, and will assist in analysing malware so the researchers can test its behaviours. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?