Mobile malware research teams bag £3m funding boost

Malware on binary

A 3 million grant has been awarded to several UK universities to fund research to help clamp down on cyber criminals who prey on smartphone users via malicious apps.

The money has been awarded by the Engineering and Physical Sciences Research Council (EPSRC), which funds research and postgraduate training in engineering and physical sciences at universities across the UK.

The 3 million sum has been split between two app research teams. The first is from Royal Holloway University of London, while the second features the combined efforts of academics from City University London, and Coventry and Swansea universities.

We're up against really sophisticated malware some even used by nation states for spying.

A portion has also been awarded to three further research teams whose work focuses on shoring up the UK's cyber defences.

Reports about malicious smartphone apps that leak data or dial-up premium phone lines without the user's knowledge regularly do the rounds, and can prove hugely lucrative for cyber criminals.

Dr Lorenzo Cavallaro, a lecturer in the information security group at Royal Holloway, said his research team will be examining the behaviour of Android apps to make it easier to spot malicious ones.

"You may think the phone in your pocket is safe, but think again. We're used to considering our phones as a trusted, private channel of communication, and suitable to receive authentication information to access specific online services," said Cavallaro.

"Unfortunately, this information can be leaked or abused by colluding malware if the mobile device is infected."

The issue of colluding apps, whereby one app accesses a user's personal data before passing it on to a second one that can transmit the information over a network, is a growing threat to smartphone users.

Professor Tom Chen, research team leader at City University London, Swansea and Coventry universities, explained: "Currently almost all academic and industry efforts are focusing on single malicious apps; almost no attention has been given to colluding apps.

"Existing antivirus products are not designed to detect collusion," Chen added.

Both teams are being assisted by antivirus software vendor McAfee, who will provide researchers with access to a library of safe apps to assist in their efforts to analyse mobile malware.

Dr. Igor Muttik, a senior principal architect at Intel-owned McAfee, said the researcher's work should help ensure users remain one step ahead of cyber criminals.

"We're up against really sophisticated malware some even used by nation states for spying. All attackers are well aware of the technology involved in detecting and tracking them," said Muttik.

"These cyber criminals often take an industrial approach to malware; they try to maximise their benefits from it. So, we need to constantly raise the bar by improving the technology and this will make it more complex and less profitable for them to operate."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.