Coventry University to counter cyber criminals' app attacks
Thursday 27 February 2014
Coventry University is playing a leading role in a new £3 million research programme taking on cyber criminals who use malicious apps which can collude with each other to infect the smartphone in your pocket.
The project, which is funded by the Engineering and Physical Sciences Research Council (EPSRC), will see Coventry's cyber security experts receive a £190,000 share to work on new ways to detect instances of 'app collusion' – where two apps work together to bypass security measures on a device.
Coventry will be working with City University London, Swansea University and internet security company McAfee on the app collusion aspect of the project, which is worth over half a million pounds.
The multi-university collaboration will also see Royal Holloway, Imperial College London and the universities of Liverpool, Birmingham and Edinburgh work on different aspects of mobile security.
Malware attacks are rising year on year – and over one million new Android malware attacks were identified in 2013 by McAfee, a division of Intel Security.
Malicious apps can gain access to any personal data on a smart device, including address books, passwords, PIN numbers and GPS coordinates.
An example of app collusion – one of the latest and most innovative cyber security threats – would be one app which is permitted to access your personal data passing that data to a second app which is allowed to transmit information over the network – allowing them to carry out 'attacks' that neither app could carry out alone.
Dr Siraj Shaikh, reader in cyber security, is leading Coventry University's part in the research project. He said:
People are certainly waking up to the fact that as their smartphones become more sophisticated, so do the methods of attack which target their personal data. However there is still a way to go to increase awareness, and research programmes like this are critical in ensuring we stay a step ahead of the criminals exploiting security weaknesses.
Here at Coventry, our Digital Security and Forensics (SaFe) research group will be leading on the detailed analysis of app behaviour to see how two or more apps could be profiled for suspicious 'colluding' behaviour. This is particularly relevant for Android platforms, which by their very design are more open and flexible, and allow users to download apps from different sources. It's only going to become more of a concern in the coming years, as apps integrate with other technologies such as cars and household appliances.
Dr Igor Muttik, a senior principal architect at McAfee, a division of Intel Security, said:
We're up against really sophisticated malware – some even used by nation states for spying. All attackers are well aware of the technology involved in detecting and tracking them. Malware operators often take an industrial approach to cybercrime; they try to maximise their benefits from malware. So, we need to constantly raise the bar by improving the technology and this will make it more complex and less profitable for them to operate.
In 2011 Coventry University led the way in cyber defence in the higher education sector by launching a state-of-the-art ethical hacking lab to train the next generation of information security professionals. The University offers an undergraduate degree programme in ethical hacking and cybersecurity, and a master's course in forensic computing.