Evolution of Android exploits from a static analysis tools perspective

Friday 26 September 09:30 - 10:00, Red room.

Anna Szalay Sophos
Jagadeesh Chandraiah Sophos

  download slides (PDF)

With Android being the fastest-growing mobile OS and with a rapidly increasing number of Android malware samples, it is important to acknowledge the risk of exploitation of security vulnerabilities by malware.

According to Common Vulnerabilities and Exposures (CVE) data, over the past few years the total number of documented Android vulnerabilities has reached 30, with seven of them discovered in the last year. The most serious of the recent ones is the so-called 'MasterKey' vulnerability (CVE-2013-4787), which is reported to have affected 99 per cent of devices, compromising the APK signature validation process.

With the total number of Android samples in our database exceeding 700,000, and 2,000 new Android malware samples discovered every day, we estimate that approximately 10 per cent of the samples exploit some vulnerability, and of this, one tenth will be a 'MasterKey' exploit.

In this paper we will investigate recent Android malware that attempts to exploit vulnerabilities, and identify the most relevant threat families.

By using static analysis tools we will show how these malware families exploit vulnerabilities in order to compromise devices. The research will reveal the evolution of the threat families.

Additionally, we will provide an evaluation of the various analysis tools that are currently available, exploring their successes and failures, and highlighting the differences between them.

These results will be used to identify the best approach for future automated analysis, to ensure it keeps up with the rapid development of Android malware, and increasing sophistication of device exploitation.

Click here for more details about the conference.

Anna Szalay

Anna Szalay

Having joined the company 15 years ago from Ericson, Anna Szalay is one of the Senior Threat Researchers at Sophos Labs. She has a broad skills set and years of experience in analysing Windows and mobile malware, and being a lead in maintaining application control data. Her current focus is at the cutting-edge of the ever-growing world of Android threats.

Jagadeesh Chandraiah

Jagadeesh Chandraiah

Jagadeesh Chandraiah graduated from the Visweswaraiah Technological University in India. He also holds a Master's degree from the University of South Wales, UK. He has been working at Sophos in the UK for over five years. He has been working on spam analysis, generic detections and Windows malware analysis. At present, he is concentrating mainly on Android malware analysis. Outside of work, Jagadeesh enjoys playing cricket and badminton.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.