Top 10 Android anti-virus useless before 'certain' attacks: Study
Washington: Ten of the most popular Android antivirus products can be easily evaded by using certain techniques, a new Northwestern study has revealed.
Researchers at Northwestern University and North Carolina State University tested 10 of the most popular antivirus products for Android and found that they do not prevent even trivial transformation attacks that involve no code-level changes, leaving them susceptible to a virus-injection operation that a teenager could carry out.
Yan Chen, associate professor of electrical engineering and computer science at Northwestern's McCormick School of Engineering and Applied Science, said that the antivirus products are not as strong and effective as they must be to stop malware writers.
The study has revealed that these Android antivirus products have been downloaded by millions of users.
Using a tool called DroidChameleon, the researchers transformed the viruses into slightly altered but equally damaging versions. The techniques they applied included making simple switches in the binary code or in a file name of the virus, and running a command on the virus to repackage or reassemble it.
The researchers found that all of the antivirus products could be evaded, though their susceptibility to the transformed attacks varied.
The researchers suggested that the products should use more sophisticated static analysis to accurately identify transformed attacks. Only one of the 10 tested tools currently uses a static analysis system.
However, this year, the percentage of signatures that can be evaded with trivial transformations dropped to 16 percent, compared with 45 percent of signatures last year.
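The repackaging and file-name changes described above can be seen from the detector's side in a short added example, which is not code from the study or from any tested product. It assumes a signature keyed on the whole-package hash (the article does not say how the products match) and compares it with matching on the digests of unpacked entries; all package contents and names are constructed.

```python
import hashlib
import io
import zipfile

def build_package(entries, compression):
    """Build an APK-like ZIP archive in memory from (name, data) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            zf.writestr(info, data, compress_type=compression)
    return buf.getvalue()

def whole_file_match(pkg, known_file_hashes):
    """Brittle signature: SHA-256 over the package bytes exactly as shipped."""
    return hashlib.sha256(pkg).hexdigest() in known_file_hashes

def entry_digests(pkg):
    """SHA-256 of every entry's uncompressed content, ignoring names and order."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        return {hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}

def content_match(pkg, known_entry_digests):
    """Content signature: any unpacked entry equals a known-bad entry."""
    return bool(entry_digests(pkg) & known_entry_digests)

# Constructed stand-ins: harmless bytes playing the role of a flagged component.
FLAGGED = b"constructed stand-in for a flagged code component " * 8
OTHER = b"constructed resource data " * 4

ORIGINAL = build_package(
    [("classes.dex", FLAGGED), ("assets/data.bin", OTHER)], zipfile.ZIP_DEFLATED)
# Same contents after repackaging: new order, one new file name, no compression.
REPACKAGED = build_package(
    [("assets/renamed.bin", OTHER), ("classes.dex", FLAGGED)], zipfile.ZIP_STORED)
BENIGN = build_package([("classes.dex", b"unrelated app code " * 8)],
                       zipfile.ZIP_DEFLATED)

KNOWN_FILE_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}
KNOWN_ENTRY_DIGESTS = {hashlib.sha256(FLAGGED).hexdigest()}

if __name__ == "__main__":
    for label, pkg in (("original", ORIGINAL), ("repackaged", REPACKAGED),
                       ("benign", BENIGN)):
        print(label,
              "file-hash:", whole_file_match(pkg, KNOWN_FILE_HASHES),
              "content:", content_match(pkg, KNOWN_ENTRY_DIGESTS))
```

Entry-level matching survives repackaging and renaming only; once the bytes of the code itself are altered, it fails too, which is the gap the researchers' call for more sophisticated static analysis addresses.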