Matthias Neugschwandtner

Learn More
Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the(More)
Android dominates the smartphone operating system market and consequently has attracted the attention of malware authors and researchers alike. Despite the considerable number of proposed malware analysis systems, comprehensive and practical malware analysis solutions are scarce and often short-lived. Systems relying on static analysis alone struggle with(More)
Dowser is a ‘guided’ fuzzer that combines taint tracking, program analysis and symbolic execution to find buffer overflow and underflow vulnerabilities buried deep in a program’s logic. The key idea is that analysis of a program lets us pinpoint the right areas in the program code to probe and the appropriate inputs to do so. Intuitively, for typical buffer(More)
The smartphone industry has been one of the fastest growing technological areas in recent years. Naturally, the considerable market share of the Android OS and the diversity of app distribution channels besides the official Google Play Store has attracted the attention of malware authors. To deal with the increasing numbers of malicious Android apps in the(More)
The steadily increasing number of malware variants is a significant problem, clogging the input queues of automated analysis tools. The generation of malware variants is made easy by automatic packers and polymorphic engines, which produce by encryption and compression a multitude of distinct versions. A great deal of time and resources could be saved by(More)
To handle the large number of malware samples appearing in the wild each day, security analysts and vendors employ automated tools to detect, classify and analyze malicious code. Because malware is typically resistant to static analysis, automated dynamic analysis is widely used for this purpose. Executing malicious software in a controlled environment(More)
WebView is a technique to mingle web and native applications for mobile devices. The fact that its main incentive requires making data stored on, as well as the functionality of mobile devices, directly accessible to active web content, is not without consequences to security. In this paper, we present a threat scenario that targets WebView apps and show(More)
In the escalating arms race between malicious code and security tools designed to analyze it, detect it or mitigate its impact, malicious code running inside the operating system kernel provides an extremely powerful tool. Kernel-level code can introduce hard to detect backdoors, provide stealth by hiding files, processes or other resources and in general(More)
Attacks that leverage USB as an attack vector are gaining popularity. While attention has so far focused on attacks that either exploit the host's USB stack or its unrestricted device privileges, it is not necessary to compromise the host to mount an attack over USB. This paper describes and implements a <i>USB sniffing</i> attack. In this attack a USB(More)
JIT spraying has an assured spot in an attacker's toolkit for Web browser exploitation: With JIT spraying an attacker is able to circumvent even the most sophisticated defense strategies against code injection, including address space layout randomization (ASLR), data execution prevention (DEP) and stack canaries. In this paper, we present Lobotomy, an(More)