SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow1937
A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library Collusion (ILC) that could make identifying Android malware much harder in the upcoming future.
The research team has described the ILC attack vector in a research paper released last month and named "Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones."
An ILC attack relies on threat actors using libraries to deliver malicious code, instead of standalone Android apps packed with all the malicious commands.
Apps usually require permissions for all the operations they need to perform. An ILC attack relies on spreading the malicious actions across several apps that use the same library(ies).
Each app gets different permissions, and malicious code packed in one app could use shared code from other apps — with higher privileges — to carry out malicious operations.
The advantage — for malware authors — is that investigators analyzing a compromised devices would see the breadth of malicious activities, but would exclude certain apps as the infection's source because they do not possess all the permissions needed to execute the attack.
(Score: 0) by Anonymous Coward on Tuesday September 12 2017, @05:57PM
The terminology seems to be messing up our understanding. Since libraries work one way on normal operating systems, and another way on Android.
On a *normal* os, dynamic linking loads library code into the process's memory space and runs with its privileges. Or, it stays within privilege boundaries.
On "android", dynamic linking is another form of IPC sending unregulated data to some "library"? It crosses privilege boundaries?
Using "dynamic linking" or just a "library" on andoid seems like a different thing. It should probably have its own terminology since those words don't seem to mean what we think they do. (in the context of Android.)