Detecting mobile malware threats to
homeland security through static analysis
Seung-Hyun Seo, Aditi Gupta, Asmaa Mohamed
Sallam, Elisa Bertino, Kangbin Yim
Journal of Network and Computer Applications 38
(2014) 43-53
Reviewed by Kim Davis
Purpose: The purpose of this study was to
demonstrate scenarios in which mobile
devices can be affected by malware. A tool
was purposed by the authors,
DroidAnalyzer, to identify weak areas in
applications hackers can use to attack
operating systems in smartphones. These
applications are commonly used and
available for consumers use. The goal of
DroidAnalyzer is for the authors to detect
exploits within the applications that may
become harmful to users.
Methods: The study investigated 1260
mobile malware samples that were found in
the Android Malware Genome Project
dataset. From these samples, (N= 137) 76
different applications were collected which
consisted of 32 banking apps, 29 flight
booking apps, and 15 home security apps
from both Google Play and third party
outlets. The authors fed DroidAnalyzer a
preset list of risky commands and APIs,
application programming interfaces, to run
against these applications. DroidAnalyzer
was then used to test the levels of
suspiciousness encoded in each applications
language.
Results: Results identified a number of
risky applications that are available for
download through smartphones. 92.7% of
the samples returned values that show flaws
in the applications coding. DroidAnalyzer
then terminates the application to avoid
harmful executions. Additionally, 76 apps
were found to contain suspicious behavior in
their APIs, which are commonly found
among malware. Four of the banking apps
violated privacy controls by accessing
private information without user consent.
Findings suggest that those
applications hosted by third parties
comprised of more risky APIs than those
from legitimized outlets such as Google
Play. Once malware obtains access to a
device, the risky behaviors will then take
place due to the application or hacker
executing commands. The authors found
that suspicious APIs could use codes that
will aid in tracking planes, finding
scheduled flights, downloading data from
airlines, and monitoring home security
systems. For example, banking apps,
commonly sent text messages to a user, even
though normal banking apps generally do
not allow this type of behavior. Authors not
that hackers could easily create fake updates
for the program to counteract the ability to
flag suspicious apps. Hackers might also
gain access and convert the code so that
specific languages in the APIs will not be
picked up.
Comment: The authors conducting this
study followed through with not only
analyzing flaws in applications used by
individuals, but also illustrating how the
flaws can effect aspects relating to homeland
security. Hackers not only have multiple
ways to control a device through application
downloads but also use these tactics to
potentially obtain private data to use for
destructive purposes. The fact that many
hackers are using these outlets to obtain
personal information, hack into banks and
other infrastructures, and hack into phones
are alarming in the least. This could set
examples for consumers to be extremely
alert of what applications they download and
from where. There remain aspects of the
DroidAnalyzer that can still be overridden.
Hackers could alter their codes to avoid
being picked up by the apps testing
techniques prove there is progress to be
made. In order to be sheltered from complex
attacks, advanced alterations in the
DroidAnalyzer must be created to protect
against a number of things, not just warn of
suspicious applications. Another weakness
of the program is that hackers could
potentially create false updates for the
program, users will download it, and hackers
will be able to change the programs purpose
from benevolent to malignant. Hackers will
find ways to get around their codes being
picked up, something that application
creators will have to evolve to prevent
overriding of their applications code. The
authors have pointed out some major issues
facing todays technology not only by giving
examples of situations affecting homeland
security, but also creating ways that users
can be deterted from using risky, third party
applications.