Security researchers testing Google’s Bouncer malware detection system for Android apps have managed to submit a benign app and then slowly update it to add malicious functionality, one of the researchers told CNET today.
Nicholas Percoco, head of Trustwave’s SpiderLabs, and colleague Sean Schulte will be discussing their research during a session at Black Hat and Defcon next week in Las Vegas entitled “Adventures in Bouncerland.”
After Google launched its Bouncer system to protect apps in the Google Play Android market in February, the researchers wanted to see if they could turn a good app that was already in the system into something malicious without triggering the Bouncer malware alarm system. They succeeded.
First they created an app that was designed to allow users to block text messages from specific individuals, known as an SMS blocker. Once the app was in the market and available for public download, the researchers updated it 11 times to add additional functionality that was totally unrelated to blocking text messages. None of the updates triggered Bouncer because the researchers used a cloaking method that masked the functionality changes from Bouncer, Percoco said. “We used a technique that allowed us to pull a blindfold over Bouncer,” he said.