PREC Tool Protects Android Devices from Root Exploits Hidden in Malicious Apps
Smartphones are always ready to connect to the Internet and contain sensitive information such as contacts, SMS messages, photos, and GPS location data, and this information is always in danger of leakage.
According to a report, cyber criminals and state-sponsored hackers are developing 55,000 new malware variants every day, and many of them try to elevate privileges for unfettered control of the user's device.
Researchers at North Carolina State University have developed new software, called Practical Root Exploit Containment (PREC), with the sole purpose of detecting mobile malware that attempts to run root exploits on Android devices. Root exploits take control of the operating system's administration functions, which gives the attacker unrestricted control of the user's smartphone.
That means an application that does not have permission to read your messages, contacts, or GPS location will, after gaining root access, be able to steal any data from your device.
Anomaly detection is an existing detection technique that compares the behavior of a downloaded smartphone application, such as Google Chrome, with a database of how the application is expected to behave. "When deviations from normal behavior are detected, PREC analyses them to determine if they are malware or harmless 'false positives.'"
PREC uses refined anomaly detection techniques to keep it from giving false positives. "Anomaly detection isn't new, and it has a problematic history of reporting a lot of false positives," said Dr Will Enck, co-author of the research paper.
PREC targets code written in the C language, which is usually used by hackers to create malware, and can identify calls made to native C code from a Java program.
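The idea described above, as an added illustration that is not PREC's own code and not taken from the research paper: a per-app baseline of system-call sequences issued from native code, with a threshold so that one unfamiliar sequence does not raise an alarm. The n-gram scoring, the threshold value, the app name and all traces are assumptions constructed for this example.

```python
"""Added example: per-app baseline of native-code system-call sequences."""
from collections import defaultdict

N = 3  # n-gram length (assumed)

def native_calls(trace):
    # A trace is a list of (origin, syscall); only native-origin calls are monitored.
    return [call for origin, call in trace if origin == "native"]

def ngrams(calls, n=N):
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

def build_profile(training):
    # The "database" of expected behaviour: n-grams seen in benign runs, per app.
    profile = defaultdict(set)
    for app, trace in training:
        profile[app].update(ngrams(native_calls(trace)))
    return profile

def score(profile, app, trace):
    # Fraction of this run's native n-grams that never appeared in training.
    grams = ngrams(native_calls(trace))
    if not grams:
        return 0.0
    known = profile.get(app, set())
    return sum(g not in known for g in grams) / len(grams)

def is_anomalous(profile, app, trace, threshold=0.5):
    # The threshold (assumed value) tolerates small deviations to limit false positives.
    return score(profile, app, trace) >= threshold

APP = "com.example.player"  # hypothetical app name

def nat(*calls):
    return [("native", c) for c in calls]

# Constructed traces, not captured from a real device.
TRAINING = [
    (APP, [("java", "read")] + nat("open", "read", "mmap", "close")),
    (APP, nat("open", "read", "read", "mmap", "close")),
]
PROFILE = build_profile(TRAINING)
MINOR_DEVIATION = nat("open", "read", "read", "read", "mmap", "close")
MAJOR_DEVIATION = nat("open", "ioctl", "mmap", "ioctl", "mmap", "setuid")
JAVA_ONLY = [("java", "ioctl"), ("java", "mmap"), ("java", "setuid")]

if __name__ == "__main__":
    for name, t in [("minor", MINOR_DEVIATION), ("major", MAJOR_DEVIATION), ("java", JAVA_ONLY)]:
        print(name, score(PROFILE, APP, t), is_anomalous(PROFILE, APP, t))
```

The minor deviation scores below the threshold and is not flagged, which is the false-positive case the quote refers to; the Java-only trace scores zero because only native-origin calls are checked.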
The researchers tested a prototype of the tool on a Google Galaxy Nexus device against 150 Android apps, of which 10 contained root exploits. “We can achieve 100 percent detection rate and raised false alarms in one out of 140 popular apps tested,” he said.
Malware writers have developed techniques that hide malware until the application is installed on the smartphone. Thanks to Google, most apps in the Android Play store are pretty clean, but the best protection is common sense: ensure you only install apps from trusted sources.