Formaltech Releases Tool to Reveal Inter-Application Collusion in Android Apps

Share Article

FUSE platform identifies potential security vulnerabilities, tracks information flow through multiple apps

Formaltech

App collusion has been shown to be extant and active in the Android app ecosystem, and now with FUSE, analysts and security professionals can protect users by detecting app collusion before cybercriminals can exploit it

Formaltech, Inc. today announced FUSE, a Defense Advanced Research Projects Agency (DARPA)-funded tool that detects inter-application collusion and other vulnerabilities in Android apps. The FUSE platform identifies potential security vulnerabilities and tracks information flow through multiple apps, revealing potential collusion between apps.
 
App collusion allows cybercriminals to perform a wide range of malicious activities and bypass conventional operating system fail-safes and user permissions. In June, McAfee Labs identified active threats in the mobile ecosystem where cybercriminals had used multiple apps to steal data through collusion. In fact, McAfee Labs’ June 2016 Threats Report identified more than 5,000 versions of 21 consumer mobile apps that collude to steal data and files, send fake text messages, and conduct other malicious activity.

The detection of collusion in Android apps is addressed by FUSE, a unique tool that allows analysts to see how a collection of apps operates together on an Android device, and to identify potential data flows that enable collusion. The patented tool uses static binary analysis to detect vulnerabilities without requiring the source code of the apps, allowing security professionals to analyze third party apps without vendor cooperation. It operates in the cloud and scales linearly, supporting Android app (APK) analysis from anywhere. Developers and testers can easily drill down in the FUSE interface when FUSE displays errors, warnings and informational alarms.
 
“By cleverly leveraging individual app permissions, cybercriminals can orchestrate multiple apps to work in concert maliciously, a unique threat that can affect even the most secure environment,” said James Dirksen, CEO of Formaltech. “App collusion has been shown to be extant and active in the Android app ecosystem, and now with FUSE, analysts and security professionals can protect users by detecting app collusion before cybercriminals can exploit it.”

In addition to revealing collusion between apps, FUSE automatically checks for dozens of vulnerabilities in individual mobile apps. It can identify exposure to outside attacks, data leaks, weak encryption, and improper permissions handling—all without requiring source code. For a complete list of individual vulnerabilities, click here.
 
About Formaltech
Rooted in advanced research and development, Formaltech takes cutting-edge, DoD-funded research and transitions it to product-ready components for OEMs and Fortune 500 companies. The Formaltech team is comprised of experts in cryptography and computer security along with an experienced team of product development veterans. Formaltech works with companies around the world to make products and networks better, more secure, and more reliable.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Visit website