Friday, March 22, 2019

Researchers Bypass Google’s Bouncer Android Security

Google’s Android platform has become the most popular mobile OS among both consumers and malware authors, and earlier this year the company introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller demonstrates, it can be bypassed rather easily and in ways that will be difficult for Google to address in the long run.

“The problem that Bouncer faces is very similar to the problems that normal antivirus analysts face. Malware will fingerprint the system it’s on to see whether it’s running in a virtualized environment or in an emulator,” Oberheide said. “Bouncer was designed by people I know really well, and I wanted to see how they’d design a system. It was a total black-box approach for us, to see how much we could learn by submitting apps and poking around.”

The researchers have spoken with Google about the general outline of their findings, and Oberheide said he expects the company to respond, but that the larger problem with Bouncer will be hard to solve.

By looking at the traffic coming to the command-and-control host that they set up, the researchers were able to see that all of the requests were coming from one Google IP address block, something that would be easily identified by an attacker. Google could change that IP block, Oberheide said, but then the company would need to obtain IP space from a variety of providers and send traffic through those IP blocks.

Oberheide produced a video that shows the fake app he and Miller developed calling back and responding to commands from inside the Bouncer environment.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
