Securing Mobile Devices from Evasive Malware


Date: 12 June 2017 / 14:30 - 15:30

Speaker: Yanick Fratantonio
  University of California, Santa Barbara, USA
Date: Monday, June 12, 2017
Place: USI Lugano Campus, room SI-013, Informatics building (Via G. Buffi 13)
Time: 14:30-15:30

 

Abstract:

The official Google and Apple stores currently host millions of mobile apps, which are used by billions of users. In an ideal world, these users should be able to fully trust their devices and apps, and app developers would focus on developing core features and functionality, without being concerned about introducing security vulnerabilities. I will start my talk by providing an overview of my research, which aims at bridging the gap between this ideal world and the world we currently live in, where sophisticated malware and vulnerabilities in benign apps pose severe security risks. I will then present two recent research projects related to one of the most problematic classes of malware, evasive malware, malicious software written with the specific intent of evading current analysis systems, an aspect that makes its automatic detection an open research problem. First, I will present “trigger analysis,” a novel program analysis technique to identify logic bombs, malicious functionality that is triggered only when certain (often narrow) conditions are satisfied. Then, I will present a new, previously unknown class of attacks that can abuse several features of a smartphone's UI: during the talk, I will show how these techniques are very powerful and stealthy even when attacking tech-savvy users, thus constituting a potential next step for evasive malware samples of the future.

 

Biography:

Yanick Fratantonio is a Ph.D. candidate in Computer Science at the University of California, Santa Barbara, and he is soon going to join EURECOM as an Assistant Professor. His research focuses on mobile systems security and privacy. In particular, his work aims at keeping users of mobile devices safe, and it spans different areas of mobile security, such as malware detection, vulnerability analysis, characterization of emerging threats, and the development of novel practical protection mechanisms. In his free time, he enjoys playing and organizing Capture The Flag competitions with the Shellphish hacking team.

 

Host: Prof. Miroslaw Malek