Universities get £3m research fund to fight hackers' mobile malware

Engineering and Physical Sciences Research Council looks to help protect against increasing risk of cyber criminals targeting smartphones

Research teams across four UK universities have been given shares of £3m in funding by Engineering and Physical Sciences Research Council (EPSRC) to help counter the threat of malware distributed through mobile applications.

Teams at Royal Holloway University of London, City University London, Coventry University and Swansea University are all set to take part in projects aimed at fighting the rise in malicious attacks by hackers and other cyber criminals which target smartphones and tablets.

The research teams will also be partnering with McAfee as they take the fight to cyber criminals.

Indeed, recent research by BAE Systems Applied Intelligence revealed that the vast majority of IT leaders believe that mobile devices provide a ‘significant risk' to cyber security in their organisations.

During 2013 alone, more than one million new Android malware attacks were discovered as cyber criminals increasingly target mobile devices as an easy way of making money, be it via stealing online banking details or using infected phones to send messages to premium rate numbers.

"People are certainly waking up to the fact that as their smartphones become more sophisticated, so do the methods of attack which target their personal data," said Dr Siraj Shaikh, reader in cyber security, leader in Coventry University's part in the research project.

"However, there is still a way to go to increase awareness, and research programmes like this are critical in ensuring we stay a step ahead of the criminals exploiting security weaknesses."

Dr Shaikh and his team will be examining app behaviour, something he views as particularly important for open platforms like Android, especially as the internet-of-things will see more and more devices become internet enabled.

"Here at Coventry, our Digital Security and Forensics (SaFe) research group will be leading on the detailed analysis of app behaviour to see how two or more apps could be profiled for suspicious ‘colluding' behaviour," he said.

This is particularly relevant for Android platforms, which by their very design are more open and flexible, and allow users to download apps from different sources.

"It's only going to become more of a concern in the coming years, as apps integrate with other technologies such as cars and household appliances," Dr Shaikh added.

Coventry University, City University London and Swansea University are set to research app collusion detection. Meanwhile, the Information Security Group at Royal Holloway University of London will study the behaviour of apps on Android operating systems and develop new techniques to spot malicious apps.

"We're up against really sophisticated malware - some even used by nation states for spying. All attackers are well aware of the technology involved in detecting and tracking them," added Dr Igor Muttik, senior principal architect at McAfee.

"These cyber-criminals often take an industrial approach to malware; they try to maximise their benefits from it. So, we need to constantly raise the bar by improving the technology and this will make it more complex and less profitable for them to operate."