Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday September 12 2017, @03:44PM   Printer-friendly
from the you-wash-my-back... dept.

Submitted via IRC for SoyCow1937

A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library Collusion (ILC) that could make identifying Android malware much harder in the upcoming future.

The research team has described the ILC attack vector in a research paper released last month and named "Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones."

An ILC attack relies on threat actors using libraries to deliver malicious code, instead of standalone Android apps packed with all the malicious commands.

Apps usually require permissions for all the operations they need to perform. An ILC attack relies on spreading the malicious actions across several apps that use the same library(ies).

Each app gets different permissions, and malicious code packed in one app could use shared code from other apps — with higher privileges — to carry out malicious operations.

The advantage — for malware authors — is that investigators analyzing a compromised devices would see the breadth of malicious activities, but would exclude certain apps as the infection's source because they do not possess all the permissions needed to execute the attack.

Source: https://www.bleepingcomputer.com/news/security/intra-library-collusion-attacks-open-the-door-for-a-whole-new-kind-of-android-malware/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Nerdfest on Tuesday September 12 2017, @06:36PM (1 child)

    by Nerdfest (80) on Tuesday September 12 2017, @06:36PM (#566900)

    That's what this is looking like to me as well. One app just registers as an intent listener and the other fires the info across that way. I don't think this is using arbitrary shared library instances. I could be wrong.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by DannyB on Wednesday September 13 2017, @05:28PM

    by DannyB (5839) Subscriber Badge on Wednesday September 13 2017, @05:28PM (#567306) Journal

    It doesn't *require* a library. But the point of a library is that the author of the App is Unaware of the nefarious code buried in his app. The library author is trying to take advantage of two different Apps, by two different authors, having a set of privileges that when combined yield some capability to do harm that neither app alone could accomplish -- and unbeknownst to either app's author, and possibly to the Google Play store.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.