Mobile WorkHorse

About this Blog: Al Sacco writes about anything and everything mobile or wireless as it applies to the global workforce — with a focus on smartphones and tablets.

Sneaking Android Malware Past Google's 'Bouncer'

Google's Bouncer Android-malware detection system isn't flawless, and two researchers have found ways to sneak malicious apps into the Google Play store by learning Bouncer's behavior and circumventing safeguards.

In an effort to help rid the Google Play store (formerly the Android Market) of potentially harmful software, Google earlier this year rolled out a malware detection system it calls "Bouncer." The automated Bouncer system basically scans all Android apps that are submitted to Google Play for obvious signs of mobile maleficence and removes or flags questionable downloads.

Sounds good, right? Sure, but there's one glaring problem. Bouncer is just a system, and as such, it can be examined for weaknesses and exploited. Two researchers from Duo Security have done just that.

Duo's Jon Oberheide and Dr. Charles Miller plan to detail their findings later this week at the SummerCon conference in New York City, but they've already described their success in sneaking past Google's Bouncer in a blog post.

The pair simply submitted a malicious app to Google Play, received a "connect-back shell" on the Bouncer infrastructure and then copied and explored its environment.

From Duo Security:

"We received the callback and now have a remote interactive shell running on the emulated Android device hosted by Bouncer. We can poke around the system using our shell to look for interesting attributes of the Bouncer environment such as the version of the kernel it's running, the contents of the filesystem, or information about some of the devices emulated by the Bouncer environment…[T]his is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device."

It's certainly not surprising to see flaws identified in Google's Bouncer for Android, and anyone with any sort of mobile security sense was probably skeptical of the system from the start—I know I was. But the Duo Security researchers are the first to demonstrate specific methods of deception, at least that I know of. Check out the video above for more specifics.

AS

Via DuoSecurity.com

