news4geeks.net
23Jul/120

Black Hat demo: Google Bouncer malware detection can be beaten

Posted by vica

Google in February implemented in its Google Play (formerly Android Market) a technology called Bouncer to check apps submitted by Android developers for any traces of malicious code. This week at the Black Hat Conference in Las Vegas, security firm Trustwave will demonstrate and discuss how it's possible to circumvent the Google Bouncer security check.

Trustwave proved to itself that its masking technique could get past Bouncer's detection by getting a malicious app it created into Google Play earlier this year, says Nicholas Percoco (shown here), senior vice president and head of Trustwave's SpiderLabs advanced security team. "We wanted to test the bounds of what it's capable of," he says, describing how Trustwave as a registered Android developer created an app called "SMS Blocker." When downloaded to a smartphone, the app would be able to steal contacts, SMS messages and photos, and basically know anything about the device. The app could also make the phone go to arbitrary Web pages or launch a denial-of-service attack. He says: "Google never flagged it." Read more...

Tagged as: , , , Continue reading
   

Tags

Amazon Android Apple apps browser business China Chrome Cloud data devices Facebook Firefox Google Hackers hardware HP IBM Intel Internet iPad iPhone IT LINUX Malware market Microsoft Mozilla network Nokia Oracle OS RIM Samsung Security smartphones software Sony tablets Twitter web website Windows Windows 8 Yahoo

Categories

Calendar

May 2013
M T W T F S S
« Apr    
 12345
6789101112
13141516171819
20212223242526
2728293031