Two graduate students, responding to heightened concern about possible attacks on the Android platform, have written special programs for the analysis of malicious code. The Honeynet Project helped create the two tools, which aim to make the analysis of malicious attacks on Android free and easier and, ultimately, to help better protect the extremely popular mobile platform.
These new open source tools were developed as part of Google Summer of Code, a program in which students from around the world spend their summer vacation writing code for open source software. Two students working under the guidance of the Honeynet Project focused on malicious attacks on Android: one wrote a static analysis program called APKInspector, and the other a dynamic analysis tool called DroidBox. Both programs are intended to make it easier for researchers to reverse-engineer Android malware, and to let them monitor and analyze the actions of malicious applications.
“These two tools complement each other and must be part of the toolkit of anyone who has to deal with malicious software for mobile devices,” says Christian Seifert, head of public relations for the Honeynet Project. “We believe that mobile viruses will thrive. Despite the fact that they are similar to malicious programs for the PC, they have some unique characteristics that, in the future, will affect the performance of all malware.”
“Firstly, malware can be written to gain access to the interface of the victim's smartphone and, being financially motivated, to send premium SMS messages, for example,” he says. “There are some special challenges in malware for mobile devices. This is a completely new area that is still unfamiliar to specialists in the field of computer security. Therefore, the analysis of malicious attacks at present requires the expenditure of a fairly large amount of resources.”
Android is a target among mobile platforms, firstly because of its great popularity and secondly because of its open source structure; it is already full of an uncontrollable number of applications. A lot of research has revealed weaknesses in its systems' security and privacy.
Honeynet Project officer Ryan Smith, mentor to graduate student Kong Chzheng (author of the APKInspector tool), says the new program will fill large gaps in the analysis of attacks on Android. An Android component for static analysis was recently added to the IDA Pro product, he said, but IDA Pro usually costs about $900 per single-user license.
“APKInspector provides analysis tools similar to IDA Pro,” says Smith. “But our program is the only free, open source program for Android applications. It gives researchers the opportunity to download and install it.”
The tool also shows where in a mobile application's code its permissions are used, he says.
DroidBox is a “sandbox” that enables a researcher or analyst to safely run and explore malicious applications. “It allows us to observe and monitor when your application is doing something [harmful] … and how it does it,” says Smith. “If you have a profile, and you want to understand how and where something is happening in the code, you use APKInspector to analyze the code.”
Both tools are designed equally for researchers engaged in reverse engineering and for system security analysts. According to Smith, this is the first step toward improving the security of the Android platform.
The information can also be used by mobile device security programs to identify malicious applications and block them from any malicious activity with high precision, he says.
APKInspector author Chzheng's account of his goal in creating a static analysis tool can be read here; the goal was to offer something similar to IDA Pro for a mobile platform. “The main goal of this project is to provide a layer of visualization, which is usually absent in the existing disassemblers for Android, as well as to create a common platform that will bring several existing Android reverse engineering tools into a single, unified view and context,” he says. “In short, we just want to create a powerful static analysis tool on the Android platform, like IDA Pro on the x86 platform.”
DroidBox's creator, graduate student Patrick Lantz, has posted an alpha version of his open source dynamic analyzer here (a beta version is under development). DroidBox can, for example, monitor an application's system API requests.
“My interest in participating in this project is largely based on the fact that the number of malicious applications for Android is a growing concern, and there are no common tools such as DroidBox. Another aspect is that Android is open source, which makes it possible to change the structure,” said Lantz.