When the medicine is more dangerous than the disease: mobile antivirus security assessment

Mobile malware sprang up in the cellular world shortly after the appearance of the first "smart" phone. As the years went by, the number of infected devices has been steadily increasing. While platform developers had been combating the problem by establishing trusted sources and analyzing the application code in the app stores, antivirus vendors came on stage with mobile versions of their products. There are lots of heated discussions like "Is mobile antivirus necessary?" or "Does mobile antivirus software really protect smartphones?". Rather than starting another "holy war" about mobile antivirus, we want to answer a somewhat opposite question: "Is it SECURE to use mobile antivirus?"

In our research we took a sample of Android mobile antivirus products and made a security assessment of them. Surprisingly, we found that in some cases using a mobile antivirus creates more danger than not using one. Most antivirus software demands too many permissions, which has the potential for truly bad consequences. Remote code execution, absence of code signing or cryptographic support, fake antivirus defense, insecure update methods, denial of service -- this is just a short list of the flaws that we have found. Multiply the number of flaws by download counters in the millions -- and you get the size of the real threat. In this talk we will discuss security vulnerabilities of mobile antiviruses, outline the most common flaws and show some statistics. Hopefully by the end of the talk the answer to the question stated in the previous paragraph will be apparent to the respected audience.

Presentation language: English