Forgot your password?
typodupeerror
Google

+ - Researchers Find Methods for Bypassing Google's Bouncer Android Security->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term.

Oberheide and Miller, both well-known for their work on mobile security, went into their research without much detailed knowledge of how the Bouncer system works. Google has said little publicly about its capabilities, preferring not to give attackers any insights into the system's inner workings. So Oberheide and Miller looked at it as a challenge, an exercise to see how much they could deduce about Bouncer from the outside, and, as it turns out, the inside.

Oberheide and Miller set up some fake Google accounts and began submitting apps to Google Play, the new name for what was originally called the Android Market. They wanted to get a sense of the kind of environment that Google uses to analyze apps, see what weak spots the system may have and then look for methods to use them to bypass Bouncer entirely. One of the apps that they submitted contained some functionality that called out to a server that the researchers controlled once it was in the Bouncer environment. The app gave them a remote shell on the system and the ability to issue commands and see what was happening as Bouncer was analyzing the app."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researchers Find Methods for Bypassing Google's Bouncer Android Security

Comments Filter:

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...