News Column

Test of Android Antivirus Products Finds Many Easily Evaded

May 31, 2013

U.S. researchers testing 10 popular antivirus products for Android devices say all could be easily defeated by even the simplest obfuscation techniques.

Northwestern University researchers, working with colleagues from North Carolina State University, tested six known viruses against the fully functional versions of the Android antivirus products, most of which have been downloaded by millions of users, and found that all could be evaded.

"The results are quite surprising," Northwestern computer scientist Yan Chen said. "Many of these products are blind to even trivial transformation attacks not involving code-level changes -- operations a teenager could perform."

The researchers used common techniques such as simple switches in a virus's binary code or file name, or running a command on the virus to repackage or reassemble it. They then tested dozens of the transformed viruses on the antivirus products and found that many slipped through the software unnoticed.

The products' vulnerabilities are due to their use of overly simple content-based signatures, the special patterns the products use to screen for viruses, the researchers said.

Antivirus products are improving, they acknowledged; last year, 45 percent of signatures could be evaded with trivial transformations, while this year the number has dropped to 16 percent.

"Still, these products are not as robust and effective as they must be to stop malware writers," Chen said in a Northwestern release Thursday. "This is a cat-and-mouse game."

Source: Copyright UPI 2013
