Smartphone malware protection using computing security similar to captcha

Are you human or a bot?

Credit: Phil Whitehouse on Flickr

Mobile phones are ubiquitous. One of the allures of mobile phones is that they are personal. A smartphone can store zillion details about its owner in ways never imagined before. Furthermore, mobile phones have extended their use to virtually every aspect of our lives - from making calls to financial transactions. It is then imperative that we take the security of mobile devices as much as important as desktops and laptops. Protecting mobile devices against malware or malicious software implies preserving our privacy.

A research team at the University of Alabama at Birmingham have devised a malware detection technique that is simple and akin to captcha verification on computers. The technique involves the detection of hand gestures common with three primary smartphone services like calling, tapping and snapping using motion, position and ambient sensors to give the phone protection against attacks by malware.

Captcha was invented to prevent bots from adding urls to search engines. It is a test used in computing to determine whether the user is a human or not. Malware cannot perform common user gestures which is a familiarity on mobile devices or smartphones, such as tapping, dragging the screen etc; this distinction was used as a security advantage for identifying malware from human gestures whenever a phone attempts making calls, or is performing tasks that involve human gestures.

By the way, the user gesture is one of the weak security points of smartphones. They put themselves at risk by downloading apps that are insecure, or they just click “yes” to an ad without extensive verification. The research team is using this weakness to advantage.

In the future we could see secured gesture techniques extended to commercial grade smartphones and also to other areas of smartphone use, such as sending SMS or email.