New Tool for Stopping Root Exploits on Android
To put it simply, the only safe electronic device is the one that has never been turned on, as malware writers continually find new ways to attack technology. Android devices are no exception, and although many defenses have been developed, some are not very accurate. Researchers at North Carolina State University have recently developed a more refined version of anomaly detection for finding and stopping root exploits.
Root exploits are a class of malware attacks that take control of an operating system's administration functions, granting unlimited control of the system. One method for detecting and stopping malware that has infected applications is anomaly detection, which works by comparing the behavior of the application on a device against a record of how it should behave. The problem is that this approach can produce false positives, but the North Carolina researchers are taking advantage of an interesting pattern to better protect the Android OS. As it turns out, most Android root exploits are written in C, even though most Android apps are written in Java. The researchers' Practical Root Exploit Containment (PREC) system has been designed to scrutinize C code specifically, and has significantly reduced the number of false positives.
To build the standard-behaviors database, the researchers hope to take advantage of the methods app vendors use to protect their products from malware. One way to do this would be for the vendor to add PREC to its assessment processes, allowing it to record behavior data and build the database itself.
Source: North Carolina State University