The Fraunhofer Institute for Secure Information Technology has discovered severe security vulnerabilities in security apps for Android, including Avira, Kaspersky, McAfee, Eset, and Clean Master Security. These vulnerabilities can be exploited to turn such apps into attack tools, taking control of smartphones and then extorting their owners financially.

"According to our estimates, up to 675 million devices worldwide could be affected," says Michael Waidner, director of Fraunhofer SIT.

Ransomware, keyloggers, or spyware – the number of attacks on smartphones is increasing. This was determined in the Federal Office for Information Security’s most recent report on the state of IT security in Germany. Many smartphone users protect themselves with the help of security apps that detect viruses and malware. These apps are able to mitigate threats and warn the user of unsafe websites and phishing attacks. However, latest tests conducted at Fraunhofer SIT showed that security apps can not only mitigate security issues, but also cause new ones. The Institute’s experts for software security examined security apps from selected providers, among them the at that time current versions of well-known providers including Avira, Kaspersky, McAfee, Eset, and Clean Master Security, in all of which the experts found security vulnerabilities.

According to experts at Fraunhofer SIT, by exploiting these vulnerabilities, attackers can disable the security apps' protective functions without users noticing. Personal data like address books or calendars can also be stolen. In the worst case scenario, these security apps can be turned into ransomware that aids criminals in locking phones to extort money from smartphone owners.

"We informed the manufacturers immediately. The vast majority reacted promptly and closed the security vulnerabilities," explains Waidner. "The security problems have been resolved on smartphones that download automatic updates from the app-stores. If users have not enabled the automatic update function, they should update their apps to protect themselves from possible attacks."

The researchers at Fraunhofer SIT have found various types of security problems. The essential cause of many of the vulnerabilities detected lies in the apps downloading update information every hour. This information includes patterns for the recognition of viruses, which comes from the manufacturer’s servers. The apps do not sufficiently check whether the update has potentially been manipulated. "If the channel used to download the update has been compromised, code can be infiltrated by means of the man-in-the-middle principle," Waidner explains. "A simple way to do this involves an attack via a public wireless network. If a hacker manipulates traffic using this technique, then everyone using the security app in the same public access point can fall victim to such an attack."