Exposing mobile malware from the inside (or what is your mobile app really doing?)

Peer-to-Peer Networking and Applications

Abstract

Malware designed specifically for modern mobile platforms is, without doubt, rapidly becoming a serious threat. The problem is compounded by the growing convergence of wired, wireless and cellular networks, since virus writers can now develop sophisticated malicious software that is able to migrate across network domains in an effort to exploit vulnerabilities and services specific to each network. So far, research on this risk has concentrated on the Android platform and has mainly considered static solutions rather than dynamic ones. Compelled by this fact, in this paper we contribute a fully-fledged tool able to dynamically analyze any iOS software in terms of method invocation (i.e., which API methods the application invokes and in what order), and to produce exploitable results that can be used to manually or automatically trace the software's behavior and decide whether it contains malicious code. Using real-life malware, we assessed our tool both manually and via heuristic techniques, and the results we obtained seem highly accurate in detecting malicious code.

Author information

Corresponding author

Correspondence to Dimitrios Damopoulos.

About this article

Cite this article

Damopoulos, D., Kambourakis, G., Gritzalis, S. et al. Exposing mobile malware from the inside (or what is your mobile app really doing?). Peer-to-Peer Netw. Appl. 7, 687–697 (2014). https://doi.org/10.1007/s12083-012-0179-x

  • DOI: https://doi.org/10.1007/s12083-012-0179-x
