New mobile-malware detection technique uses gestures

27.03.2015
Mobile malware is a growing problem, but researchers from University of Alabama at Birmingham have figured out a new way of detecting when shady mobile apps get up to no good, such as trying to call premium-rate numbers unbeknowst to a phone's owner.

The technique relies on using the phone's motion, position and ambient sensors to learn the gestures that users typically make when they initiate phone calls, take pictures or use the phone's NFC reader to scan credit cards.

Some mobile malware programs already abuse these services and security researchers expect their number will only increase.

The technology developed by the UAB researchers can monitor those three services and can check whether attempts to access them are accompanied by the natural gestures users are expected to make. If they're not, they were likely initiated by malware.

The research, which involved collecting data from real-life scenarios to train the technology, showed that detecting different gestures and using them to differentiate between user-initiated actions and automated ones can be done with a high degree of accuracy. As such, the technique can be a viable malware defense.

The technology doesn't require root access on the device and it's better than the signature-based approach used by most mobile antivirus programs, according to Nitesh Saxena, director of UAB's Security and Privacy In Emerging computing and networking Systems (SPIES) Lab.

"The current anti-virus software do not detect evolving forms of malware due to lack of signatures for such malware," Saxena, one of the research's authors, said via email. "In contrast, our approach does not rely upon any signatures."

The UAB researchers presented their findings at the IEEE PerCom conference Thursday and plan to commercialize the technology in the future.

Lucian Constantin