Malware in Motion

Robert Choudhury; Zhiyuan Luo; Khuong An Nguyen

doi:10.5220/0010976200003120

Malware in Motion

Robert Choudhury, Zhiyuan Luo, Khuong An Nguyen

Research output: Contribution to conference › Paper › peer-review

Abstract

Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time. To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent. We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried out using a physical device with the novel use of Android’s Activity Recognition API.

Original language	English
Pages	595-602
DOIs	https://doi.org/10.5220/0010976200003120
Publication status	Published - 2022
Event	The 8th International Conference on Information Systems Security and Privacy - Online Duration: 9 Feb 2022 → 11 Feb 2022 Conference number: 8

Conference

Conference	The 8th International Conference on Information Systems Security and Privacy
Abbreviated title	ICISSP
Period	9/02/22 → 11/02/22

Access to Document

10.5220/0010976200003120Licence: CC BY-NC-ND

Cite this

@conference{6504ffc7bdf44069967cef421ff71090,

title = "Malware in Motion",

abstract = "Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time. To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent. We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried out using a physical device with the novel use of Android{\textquoteright}s Activity Recognition API.",

author = "Robert Choudhury and Zhiyuan Luo and Nguyen, {Khuong An}",

year = "2022",

doi = "10.5220/0010976200003120",

language = "English",

pages = "595--602",

note = "The 8th International Conference on Information Systems Security and Privacy, ICISSP ; Conference date: 09-02-2022 Through 11-02-2022",

}

TY - CONF

T1 - Malware in Motion

AU - Choudhury, Robert

AU - Luo, Zhiyuan

AU - Nguyen, Khuong An

N1 - Conference code: 8

PY - 2022

Y1 - 2022

N2 - Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time. To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent. We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried out using a physical device with the novel use of Android’s Activity Recognition API.

AB - Malicious software (malware) is designed to circumvent the security policy of the host device. Smartphones represent an attractive target to malware authors as they are often a rich source of sensitive information. Attractive targets for attackers are sensors (such as cameras or microphones) which allow observation of the victims in real time. To counteract this threat, there has been a tightening of privileges on mobile devices with respect to sensors, with app developers being required to declare which sensors they need access to, as well as the users needing to give consent. We demonstrate by conducting a survey of publicly accessible malware analysis platforms that there are still implementations of sensors which are trivial to detect without exposing the malicious intent of a program. We also show how that, despite changes to the permission model, it is still possible to fingerprint an analysis environment even when the analysis is carried out using a physical device with the novel use of Android’s Activity Recognition API.

U2 - 10.5220/0010976200003120

DO - 10.5220/0010976200003120

M3 - Paper

SP - 595

EP - 602

T2 - The 8th International Conference on Information Systems Security and Privacy

Y2 - 9 February 2022 through 11 February 2022

ER -