When Bouncer was unleashed this February, it was touted as a one-unit malware detection army. However, researchers have found holes in the Android spyware detector with such ease that one has to ask Google what the hoopla was all about. Granted, monitoring software for cell phones is becoming more menacing with every passing moment, but surely Google could have conjured up something more steely than an app detector that allows fingerprinting!
Bouncer; say what?
Bouncer, an automated process for scanning apps that are suspected of containing Trojans, spyware and malware such as monitoring software for cell phones, was launched in February this year. It tracks dubious behaviors inside the cell phone and matches them up against apps which have been previously analyzed. If the presence of a malicious or suspicious app is confirmed, it is highlighted and flagged until the presence of malware is manually confirmed. However, researchers have found that dodging Bouncer’s bullet is not the most difficult task for Android spyware, which can be slipped onto cell phones as an ordinary harmless app.
Duo Security’s duo
Jon Oberheide and Charlie Miller of Duo Security prepared a presentation for SummerCon in Brooklyn, which showcases how Bouncer can be bluffed and how malware, such as a plethora of monitoring software for cell phones, can be infused into the Android market. In a video presentation, Oberheide showed how he submitted a fake app and, via a remote shell, searched for Bouncer’s environmental attributes, such as its kernel version and file system contents, among other information.
Fingerprinting and follow through
Via fingerprinting, monitoring software for cell phones could also recognize Bouncer’s targeted characteristics – the ones that Bouncer needs to track to hunt down Android spyware – without being too conspicuous about it. In simple words, the researchers have found a way for Android spyware to seem harmless to Bouncer’s scanning system, after which the malware can do all of its potential damage when it is run on the phone. The hole is so massive that a whole army of spyware could be created to outdo Bouncer’s defense mechanism – you don’t particularly need top-drawer malware; it really is that simple.
Hackers could have a ball
Oberheide has confirmed that since outdoing Bouncer does need hacking connoisseurs for Android exploitation, the hackers can “poke around” and deceive Google in quite a few ways. For example, by creating Android spyware that would “play nice” while Google performs its tests on virtualized phones, the hackers can reassure Google that nothing malicious has penetrated its devices. And of course, once the virtualized tests are over, the hackers can then activate their attack when the app runs on a real smartphone. Had the Bouncer hole not been traced by the researchers, this could have resulted in hackers highlighting Google’s booboo in the meanest possible ways.
Optimism for Google
The problem with Google is that, unlike Apple with its iTunes Marketplace, it does not sift its apps before they are made available. This allows hackers extra room to maneuver. Even so, Duo Security’s duo believes that Google has what it takes to plug the hole they have discovered, however gigantic it might be. Since they would be working with Android’s security team on Google’s defensive capabilities, Google does indeed have cause for optimism.