U.S. researchers testing 10 popular antivirus products for Android devices say all could be easily defeated by even the simplest obfuscation techniques.
Northwestern University researchers, working with colleagues from North Carolina State University, tested six known viruses against the fully functional versions of the Android antivirus products, most of which have been downloaded by millions of users, and found that all could be evaded.
"The results are quite surprising," Northwestern computer scientist Yan Chen said. "Many of these products are blind to even trivial transformation attacks not involving code-level changes -- operations a teenager could perform."
The researchers used common techniques such as simple switches in a virus's binary code or file name, or running a command on the virus to repackage or reassemble it. They then tested dozens of the transformed viruses on the antivirus products and found that many slipped through the software unnoticed.
The products' vulnerabilities are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said.
Antivirus products are improving, they acknowledged; last year, 45 percent of signatures could be evaded with trivial transformations, while this year the number has dropped to 16 percent.
"Still, these products are not as robust and effective as they must be to stop malware writers," Chen said in a Northwestern release Thursday. "This is a cat-and-mouse game."