Gestures Could Be Used as a Mobile-Malware Detection Tool
Researchers from the University of Alabama might have found a new way to combat mobile-based malware. Every user has a distinguishable pattern of gestures that he executes while interacting with the smartphone, pattern which could be used as an identification method. The logic behind this project is pretty simple: a malware won't be able to imitate human gestures when activating certain functions of the phone, thus becoming an easy target to spot. But, even though preliminary tests have indicated that this approach is more reliable than signature-based methods, its integration in antivirus software might still take a long while.
In today's mobile world, there are a lot of malicious apps that try to take over specific services. Most existent malware is made to target three main smartphone services: picture-taking, call-initiating and NFC card scanning. The ones that go after images are generally spyware which upload your media files to places where others can easily access them; those that trigger the calling function generally cost the victim a lot of money as they dial premium-cost numbers, while the ones going after the NFC chip try to get a hold of the user's credit card information.
According to the scientists, malware attacks against mobiles won't stop, but will actually become more frequent as smartphones are getting more and more involved in our daily activities, and this is why we need better protection against them. The researchers have found that they can use the phone's ambient, motion and location sensors to establish a pattern that could identify the user and that the malware wouldn't know how to repeat. Using this method they were able to differentiate between user-initiated actions and the ones activated by the malware. A big advantage is that the technology necessary for this approach doesn't require rooting, so the degree of safety is even higher. The UAB security researchers will present their findings at Thursday's IEEE PerCom conference.
