Abstract
With Android being the fastest-growing mobile OS and with a rapidly increasing number of Android malware samples, it is important to acknowledge the risk of exploitation of security vulnerabilities by malware.
According to Common Vulnerabilities and Exposures (CVE) data, over the past few years the total number of documented Android vulnerabilities has reached 30, with seven of them discovered in the last year. The most serious of the recent ones is the so-called ‘MasterKey’ vulnerability (CVE-2013-4787), which is reported to have affected 99 per cent of devices, compromising the APK signature validation process.
With the total number of Android samples in our database exceeding 700,000, and 2,000 new Android malware samples discovered every day, we estimate that approximately 10 per cent of the samples exploit some vulnerability, and that, of these, one tenth will be ‘MasterKey’ exploits.
In this paper we will investigate recent Android malware that attempts to exploit vulnerabilities, and identify the most relevant threat families.
By using static analysis tools we will show how these malware families exploit vulnerabilities in order to compromise devices. The research will reveal the evolution of the threat families.
Additionally, we will provide an evaluation of the various analysis tools that are currently available, exploring their successes and failures, and highlighting the differences between them.
These results will be used to identify the best approach for future automated analysis, to ensure it keeps up with the rapid development of Android malware and the increasing sophistication of device exploitation.