Hackers of India

Buster: Android Security Buster

By  Atul Alex  on 23 Oct 2012 @ Hacklu

Abstract

This presentation will be based on actual research conducted on Android Platform & the currently available Security Products/Security Model for the same. While studying the Android platform & its security model, one can easily identify weak-spots in the way sand-boxing is done, the way applications interact with each other as well as the extent of control a ‘regular’ application has over the ‘overall’ functioning of the device. So, I thought of conducting some real-life testing of the available security measures, platform restrictions & the outcome does not look good. This presentation will focus mostly on the ‘malwares’ that are floating around & why the techniques applied so far are not enough. I’ll demonstrate how easy it is to bypass Android antivirus detections & what to expect in the near future. I will also be releasing an open-source desktop based tool to scan your android devices for known threats. During the presentation, I’ll demonstrate a Proof-Of-Concept tool that can create fully undetected variants of existing known malware in a matter of seconds & explain why the regular approach fails to detect them.