There are nearly 1,000,000 free and paid Android apps available.  A very small percentage of these mean to do you harm. Figuring out which apps are the bad ones is difficult enough for the average user, but it's not much easier for malware analysts.  Analysis tools and automation can help to filter this flood of apps.

Towards the end of discovering new unknown malware in a timely manner, we are developing new heuristics.

We will cover:
*     Existing analysis tools: manual and automated
*     Data leakage and permissions abuse
*     Development of new tools and heuristics for malicious Android apps
*     Comparing the results of running the heuristics vs. manual analysis

BIOS: Jimmy Shah is a Mobile Security Researcher specializing in analysis of mobile/embedded threats on existing platforms (Windows Phone 8, iOS, Android) and potential mobile malware and spyware. If it's lighter than a car, has a microprocessor, and is likely to be a target it's probably his problem. He has presented on mobile threat research at a number of computer security conferences.

David Shaw is the Senior Director of Engineering at Redspin, specializing in External and Application security assessments, with particular interest in exploit development and unconventional attack vectors. David was a speaker at ToorCon 12 and LayerOne 2013, and was the technical editor of the Nmap 6: Network Exploration and Security Auditing Cookbook.

Matthew McDevitt is a security and malware researcher. After 8 years' experience in systems administration, Matt began professionally pursuing information security, his hobby since young adulthood. Matt is currently a Mobile Malware Researcher and specializes in x86 and embedded system malware analysis.

Back to BSides Las Vegas 2013 video list