
Google Bouncer Check Easy to Bypass, Proof-of-Concept Attack Shows

Bogdan BOTEZATU

June 05, 2012


Researchers Jon Oberheide and Charlie Miller have successfully dodged the notorious Google Bouncer, a security system meant to analyze and reject malicious Android applications before they are published on Google Play.

According to the findings detailed in the blog post, the researchers managed to implement a remote shell in an application they submitted for publication. When the Google Bouncer started to analyze the application, Oberheide and Miller got access to the remote shell and managed to probe the Bouncer infrastructure.

In simple terms, whenever an application is tested, the Google Bouncer infrastructure runs it in an emulated Android device hosted by Bouncer. Through the included shell, the researchers gained remote access to the emulated device running within the Bouncer system.

“We can poke around the system using our shell to look for interesting attributes of the Bouncer environment such as the version of the kernel it's running, the contents of the file system, or information about some of the devices emulated by the Bouncer environment,” the researchers wrote in the blog post.

Among other interesting discoveries, the researchers noted that the /sys directory holds the qemu_trace directory, which can tell the application that it is running in a virtual machine. This may not appear to be much, but, since the Bouncer is just a screening technology, it can be fooled by including extra logic inside the application so that it can tell whether it is being analyzed or running on a user's device. The logic would boil down to: if the qemu_trace folder is present and the other attributes of the environment match the Bouncer's, then behave as if you're being analyzed. If not, start wreaking havoc, because you're probably installed on a smartphone or tablet.

“This is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device,” Oberheide mentioned in the teaser video.
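
For anyone reviewing submitted applications, a reference to this emulator artifact inside a package is itself a triage signal. The following is an added example, not code from the researchers or from Google: it scans every file in an APK (a ZIP archive) for the qemu_trace name mentioned above. The function names and the two sample archives are constructed for illustration.

```python
import io
import zipfile

# Indicator taken from the article: the emulated device exposes a qemu_trace
# directory under /sys. Extend the tuple with artifacts of your own sandbox.
INDICATORS = (b"qemu_trace",)

def scan_apk(apk_bytes, indicators=INDICATORS):
    """Return {entry_name: [indicators found]} for each file in the APK."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)  # decompressed content of the entry
            found = [i.decode() for i in indicators if i in data]
            if found:
                hits[info.filename] = found
    return hits

def build_sample_apk(entries):
    """Constructed stand-in for an APK: a ZIP holding {name: bytes} entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples, not real applications.
SUSPECT = build_sample_apk({
    "classes.dex": b"dex\n035\x00...\x00/sys/qemu_trace\x00...",
    "lib/armeabi/libhelper.so": b"\x7fELF...\x00/sys/qemu_trace\x00...",
    "res/raw/readme.txt": b"hello",
})
CLEAN = build_sample_apk({"classes.dex": b"dex\n035\x00...\x00/sdcard/notes\x00"})

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, scan_apk(apk))
```

A hit is a reason for closer manual review rather than a verdict, and an application that assembles the path at run time will not match a plain string scan.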
