Android Anti-Virus Software Easily Fooled
Anti-virus software made by 10 of the biggest Android security providers can be bamboozled by an embarrassingly easy malware disguise, according to a new report.
Android phones are known for being more vulnerable to malware than their Apple peers, but they also come with lots of anti-virus options such as those provided by Symantec, AVG, Kaspersky Lab, Trend Micro, ESET, ESTSoft, Lookout, Zoner, Webroot and Dr. Web.
Unfortunately, the Android anti-virus software made by all these companies is easily fooled by a simple trick, according to a report from researchers at Northwestern University and North Carolina State University.
"Mobile anti-virus products don't provide real security value to users, given how easy they are to bypass," Duo Security CTO Jon Oberheide told TechNewsDaily. "It's not to say that installing a mobile anti-virus app is a bad thing for users to do, but users would be right to question whether it's something worth paying for."
Most anti-virus software works by checking potential malware against a list of known "signatures," or essential lines of code that can help identify a program's function.
Scammers can evade these security measures by subtly tweaking their malware's code just enough to change its signature without affecting its function. This is called polymorphism.
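The weakness of exact-match signatures described above, as an added Python example that is not from the report or from any anti-virus product: two constructed code listings differ only in app-chosen names, so a whole-file hash misses the second, while a signature computed over the ordered framework API calls still matches it. The listing format, the sample names and the `normalized_signature` approach are assumptions made for illustration.

```python
import hashlib
import re

# Constructed stand-ins for app code: plain text, not real DEX or real malware.
KNOWN = """class com.example.a.Sender {
  method run() {
    invoke android.telephony.SmsManager.getDefault
    invoke android.telephony.SmsManager.sendTextMessage
  }
}"""
# Same framework calls in the same order; only app-chosen names differ.
VARIANT = """class org.demo.zq.Helper {
  method go() {
    invoke android.telephony.SmsManager.getDefault
    invoke android.telephony.SmsManager.sendTextMessage
  }
}"""
BENIGN = """class com.example.ui.Greeter {
  method show() {
    invoke android.widget.Toast.makeText
    invoke android.widget.Toast.show
  }
}"""

# Matches framework calls only; app-defined class and method names are ignored.
FRAMEWORK_CALL = re.compile(r"^\s*invoke\s+((?:android|java)\.[\w.$]+)", re.M)

def exact_signature(code: str) -> str:
    """Brittle: hash of every byte, so any cosmetic edit changes it."""
    return hashlib.sha256(code.encode()).hexdigest()

def normalized_signature(code: str) -> str:
    """Hash only the ordered framework API calls, ignoring app-chosen names."""
    calls = FRAMEWORK_CALL.findall(code)
    return hashlib.sha256("\n".join(calls).encode()).hexdigest()

def detects(sample: str, known_bad: str, signature) -> bool:
    """True when the sample's signature equals the known-bad sample's."""
    return signature(sample) == signature(known_bad)

if __name__ == "__main__":
    for name, sig in (("exact", exact_signature), ("normalized", normalized_signature)):
        for label, sample in (("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)):
            print(f"{name:10} {label:8} detected={detects(sample, KNOWN, sig)}")
```

The normalized form only tolerates changes to names; it is a sketch of keying detection on behaviour rather than on bytes.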
Polymorphic malware has been a problem on desktop computers for years, and anti-virus companies have developed many solutions to combat it. In the past year, polymorphic malware has also begun cropping up on mobile devices.
So researchers from Northwestern University's computer science department decided to see how well Android-specific anti-virus programs could handle polymorphic code.
The researchers developed a program that could automatically take a piece of malware's code and apply very basic polymorphic changes. They then ran these "disguised" types of malware through the Android anti-virus programs.
In nearly all of the trials, the anti-virus programs failed to identify the disguised malware as a threat.
These findings are serious, but not surprising — mobile security is still a new field, and has far to go before it catches up to desktop, Oberheide said.
The Northwestern researchers' full report is available as a PDF here.