The Honeynet project presented an excellent opportunity to improve your and the community's approaches for analyzing mobile device malware. The group's Forensic Challenge 9 gives you the opportunity to respond to a security incident that involved a smart phone. Honeynet's Christian Seifert provided us with the following description of the scenario:
Christian also pointed out that the Honeynet Project--as a result of its participation in Google Summer of Code--released two tools for analyzing mobile device malware. According to him:
DroidBox, authored by Patrick Lantz, is a sandbox for the Android platform. "It focuses on detecting information leaks that were derived from performing taint analysis for information-flow tracking on Android trojan applications. DroidBox is capable to identify information leaks of contacts, SMS data, IMEI, GPS coordinates, installed apps, phone numbers, network traffic and file operations."
APKInspector, authored by Cong Zheng, "is a full blown static analysis tool for the Android platform. It has resemblance of tools like IDAPro. Some functionality highlights are:
For additional resources that may help you analyze Android malware, see 8 Articles for Learning Android Mobile Malware Analysis. If you know of additional tools and references, please leave a comment.
Lenny Zeltser focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how to analyze and combat malware at SANS Institute. Lenny is active on Twitter and writes a daily security blog.
Sep 7th 2011
7 years ago