Swansea research helping to fight the rise of the app attackers

A computer scientist from Swansea University has received a share of a £3 million funding from the Engineering and Physical Sciences Research Council (EPSRC) to counter cyber-criminals who are using malicious apps which can collude with each other to infect people’s smartphones.

Markus RoggenbachSwansea University researcher Associate Professor Markus Roggenbach, from the Department of Computer Science, College of Science, is part of two app research consortia to be awarded the funding – one a collaborative of City University London, Coventry and Swansea Universities – and the other the Royal Holloway University of London, as well as three additional teams carrying out research to enhance the UK’s cyber-security.

Malware attacks are rising year on year and over one million new Android malware attacks were identified in 2013 by McAfee, a division of Intel Security.

Malicious apps can gain access to address books, GPS coordinates, passwords or pin numbers. They can redirect your data across the net, send you to phishing sites and also bypass the two-step authentication process used to access an ever-increasing number of online services such as banking or email.

Criminals can monetise this information in a number of ways – by getting your phone to send messages to premium numbers, by remotely controlling an infected phone, by tricking you into revealing passwords and by using your stolen data.

The latest cyber-threat to smartphones comes from apps working together or colluding. An example of collusion consists of one app permitted to access personal data, which passes the data to a second app allowed to transmit data over the network. This information can then be used by criminals.

Associate Professor Markus Roggenbach is part of the consortium led by Professor Tom Chen of City University London on app collusion detection.

By design, Android is "open" in its flexibility to download apps from different sources. Its security depends on restricting apps by combining digital signatures, sandboxing, and permissions.

These restrictions can be bypassed without the user noticing by colluding apps whose combined permissions allow them to carry out attacks that neither app could carry out alone.

Professor Chen said: “Currently almost all academic and industry efforts are focusing on single malicious apps; almost no attention has been given to colluding apps. Existing antivirus products are not designed to detect collusion.”

The consortium will develop new techniques to detect colluding apps and will curtail the threat before it becomes widespread.

The Swansea research team, which has been awarded more than £223,000, will address the challenging question of how to prove the absence of collusion in a mathematically concise way.

Associate Professor Markus Roggenbach said: "The Swansea research team will address the challenging question of how to prove the absence of collusion in a mathematically concise way.

“Success in this project would mean a rare opportunity for the cyber-security community to stay ahead of an emerging threat, instead of reacting to a threat which is already prevalent."

Another consortium, led by Dr Lorenzo Cavallaro, Lecturer in the Information Security Group at Royal Holloway University of London, will study the behaviour of apps on Android operating systems and develop novel techniques to spot malicious apps, which of course, are designed to remain hidden. They will use this information to enrich or enhance devices to counteract attacks.

Both research consortia are partnering with McAfee, a division of Intel Security. The security company is providing researchers access to a library of safe apps and will assist in analysing malware so the researchers can test their behaviours.

Dr Igor Muttik, a Senior Principal Architect at McAfee, a division of Intel Security said: “We’re up against really sophisticated malware - some even used by nation states for spying. All attackers are well aware of the technology involved in detecting and tracking them.

“Malware operators often take an industrial approach to cybercrime; they try to maximise their benefits from malware. So, we need to constantly raise the bar by improving the technology and this will make it more complex and less profitable for them to operate.”

Picture: Swansea University researcher Associate Professor Markus Roggenbach, from the Department of Computer Science, College of Science, Swansea University

For more information on the Department of Computer Science at Swansea University visit http://www.swansea.ac.uk/compsci/.

This story also received the following media coverage:

Electronics Weekly.com
Infotech Spotlight

Posted by Janis Pickwick <j.m.pickwick@swansea.ac.uk>
Thursday 27 February 2014 16.47 GMT
Swansea University, Tel: 01792 295050