£3m UK grant to tackle malicious app collusion

UK-based researchers are to use a £3m grant to investigate ways of countering malicious apps that collude with each other to infect smartphones

UK-based researchers are to use a £3m grant to investigate ways of countering cyber criminals using malicious apps that can collude with each other to infect smartphones.

The funding from the Engineering and Physical Sciences Research Council (EPSRC) is to be shared by Royal Holloway University of London, City University London, Coventry and Swansea Universities and three research teams working to enhance UK cyber security.

Malicious apps can gain access to address books, GPS coordinates, passwords or PIN codes and can redirect data, send users to phishing sites and bypass the two-step authentication process used to access an ever-increasing number of online services such as banking or email.

Criminals can monetise this information in a number of ways, including getting phones to send messages to premium numbers, remotely controlling an infected phone, tricking users into revealing passwords, and using stolen data.

But the grant will be used mainly to investigate the latest cyber-threat to smartphones that comes from apps working together or colluding.

An example of collusion would be where an app that is allowed to access personal data passes that data to a second app that is allowed to transmit data over the network to the criminals.

Lorenzo Cavallaro, lecturer in the Information Security Group at Royal Holloway University of London, said smartphone owners tend to consider their devices a trusted, private channel of communication, suitable for receiving authentication information to access specific online services.

"Unfortunately, this information can be leaked or abused by colluding malware if the mobile device is infected," he said.

Cavallaro’s research team will study the behaviour of apps on Android operating systems and develop novel techniques to spot malicious apps, which are designed to remain hidden. They will use this information to enrich or enhance devices to counteract attacks.

Research teams at City University London, Swansea and Coventry universities will focus on app collusion detection. Tom Chen of City University London, who is leading these research teams, said almost all academic and industry efforts are focusing on single malicious apps.

"Almost no attention has been given to colluding apps. Existing antivirus products are not designed to detect collusion," he said.

The team will develop new techniques to detect colluding apps and will curtail the threat before it becomes widespread.

By design, Android is "open" in its flexibility to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sandboxing, and permissions.

Colluding apps can bypass these restrictions without the user noticing when their combined permissions allow them to carry out attacks that neither app could carry out alone.
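A minimal static check for the collusion pattern described above, added here as an illustration and not taken from the researchers' work: it flags pairs of installed apps where one holds a data permission, the other holds an outbound permission, and a declared channel links them. The source/sink grouping, the intent-action channel model and the `com.example.*` inventory are assumptions constructed for the example.

```python
from dataclasses import dataclass
from itertools import permutations

# Real Android permission names; grouping them as sources/sinks is this example's assumption.
SOURCES = frozenset({"android.permission.READ_CONTACTS",
                     "android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.READ_SMS"})
SINKS = frozenset({"android.permission.INTERNET", "android.permission.SEND_SMS"})

@dataclass(frozen=True)
class App:
    package: str
    permissions: frozenset
    sends: frozenset = frozenset()     # intent actions the app emits (hypothetical model)
    receives: frozenset = frozenset()  # intent actions its exported components accept

def can_leak_alone(app):
    """A single app holding both a source and a sink is the case per-app scanners already cover."""
    return bool(app.permissions & SOURCES) and bool(app.permissions & SINKS)

def collusion_candidates(apps):
    """Return (reader, sender, data, sinks, channel) for pairs that can leak only together."""
    findings = []
    for reader, sender in permutations(apps, 2):
        if reader.permissions & SINKS:
            continue  # reader could transmit on its own; not a collusion-only case
        data = (reader.permissions & SOURCES) - sender.permissions
        sinks = sender.permissions & SINKS
        channel = reader.sends & sender.receives
        if data and sinks and channel:
            findings.append((reader.package, sender.package,
                             sorted(data), sorted(sinks), sorted(channel)))
    return findings

# Constructed inventory: package names and intent actions are made up.
INVENTORY = [
    App("com.example.flashlight", frozenset({"android.permission.READ_CONTACTS"}),
        sends=frozenset({"com.example.SYNC"})),
    App("com.example.weather", frozenset({"android.permission.INTERNET"}),
        receives=frozenset({"com.example.SYNC"})),
    App("com.example.notes", frozenset({"android.permission.INTERNET"})),
    App("com.example.maps", frozenset({"android.permission.ACCESS_FINE_LOCATION",
                                       "android.permission.INTERNET"})),
]

if __name__ == "__main__":
    for finding in collusion_candidates(INVENTORY):
        print(finding)
```

Neither flagged app would look suspicious to a per-app permission review; only the pairwise view shows the combined capability.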

Chen said smartphone users need to be careful which apps they download, particularly if downloading from an unofficial app store.

"Be wary of an app which asks you to grant lots of permissions before it is installed," he said.

The research teams are partnering with McAfee, a division of Intel Security. The security company is providing researchers access to a library of safe apps and will assist in analysing malware so the researchers can test their behaviours.

Igor Muttik, a senior principal architect at McAfee, said all attackers are well aware of the technology involved in detecting and tracking them.

"These cybercriminals often take an industrial approach to malware; they try to maximise their benefits from it. So, we need to constantly raise the bar by improving the technology and this will make it more complex and less profitable for them to operate," he said.

The EPSRC is the UK’s main agency for funding research in engineering and the physical sciences and invests around £800m a year in research and postgraduate training to help the UK handle the next generation of technological change.
