Project to detect collusion attacks on Android begins

Collusion attacks use malicious apps to circumvent Android controls in order to pass data to criminals

Coventry University's Dr Siraj Shaikh has begun a three-year cyber security project which focuses on the detection of collusion attacks.

Collusion attacks use malicious applications to circumvent Android controls - so one application may get permission to access a contact's personal data, and then it could encourage that contact to install another application that has access to the internet, so that it can transmit the data over the network to criminals.

The project has City University as principal investigator, and Coventry and Swansea universities as co-principal investigators. Security firm McAfee is making a £28,000 contribution to the project, which has a total budget of more than £600,000.

Speaking at Computing's Enterprise Security and Risk Management Summit in London today, Shaikh told delegates that many applications on mobile devices were already collaborating, such as Facebook and WhatsApp, which use the mobile owner's contacts or location.

The task for Shaikh and his team is to understand the problems and associated risks with such sharing.

He stated that the first part of the project was to "try to define collusion".

"There are scenarios where apps will have permission space that they don't need. Strictly speaking, these are not counted as collusion as [the apps involved] will usually play a certain role, one will be active and one will be passive," Shaikh said.

He suggested that a certain app may only be risky if you have another app installed.

"We're trying to look at the software and see if they are colluding. Part of it is trying to understand the originator of the app," Shaikh explained.

Shaikh will also be looking into the potential of such attacks within the automobile industry because of the rise of connected cars.

He said that he had a keen interest in the area as a result of reports of Toyota having to recall cars because of a software fault, and a report of hackers being able to hijack the wireless pressure sensors built into car tires.