Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

(In-)security of smartphone anti-virus and security apps

: Huber, Stephan; Rasthofer, Siegfried

presentation (PDF; )

26th Virus Bulletin International Conference 2016. Online resource : 5 to 7 October 2016, Denver, Colorado, USA
Denver/Colo., 2016
49 Folien
Virus Bulletin International Conference (VB) <26, 2016, Denver/Colo.>
Conference Paper, Electronic Publication
Fraunhofer SIT ()

Android is by far the most popular operating system for smartphones today. Many people entrust their Android-based phone with highly sensitive data such as business documents and credit card information, or perform critical tasks such as online banking on their devices. To protect their devices against threats from malware or attackers who aim to exploit security vulnerabilities, many users rely on anti-virus and security apps available from renowned vendors. In this paper, we show that those apps contain severe vulnerabilities on their own, and that installing them can even decrease the overall security of the device. We analysed the most frequently downloaded security apps and found that they were vulnerable to remote code execution and malware database downgrades. Some anti-virus scanners could be disabled remotely without the user noticing, or devices could be locked and wiped remotely without proper authentication. We show that, when it comes to the security of their own code, security apps are no better than regular apps.