U.S. researchers testing 10 popular antiviral products for Android devices say all could be easily defeated by even the most simple obfuscation techniques.
Northwestern University researchers, working with colleagues from North Carolina State University, tested six known viruses against the fully functional versions of the Android antiviral products, most of which have been downloaded by millions of users, and found that all could be evaded.
"The results are quite surprising," Northwestern computer scientist Yan Chen said. "Many of these products are blind to even trivial transformation attacks not involving code-level changes -- operations a teenager could perform."
The researchers used common techniques such as simple switches in a virus's binary code or file name, or running a command on the virus to repackage or reassemble it, then tested dozens of the transformed viruses on the antiviral products, finding many of them slipping through the software unnoticed.
The products' vulnerabilities are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said.
Antiviral products are improving, they acknowledged; last year, 45 percent of signatures could be evaded with trivial transformations, while this year the number has dropped to 16 percent.
"Still, these products are not as robust and effective as they must be to stop malware writers," Chen said in a Northwestern release Thursday. "This is a cat-and-mouse game."