As Android ransomware continues to evolve, defenders are trying to keep pace. Most of the efforts to defeat ransomware have come through third-party security software and behavioral changes, but now Google is making a change to the next version of the mobile operating system to prevent a key part of some ransomware threats.
One of the elements of some Android ransomware variants is a function that will change the PIN or gesture used to unlock the device. This prevents the victim from being able to go in and remove the malware, forcing the ransom payment. The function that these ransomware variants use to reset the password is a specific part of Android and it will be modified in Android Nougat, the upcoming version of the OS.
“The malware sets or resets the password (either a PIN or a pattern) for the device’s lockscreen by invoking the ‘resetPassword’ method. In order to invoke this method, the calling application must be a device administrator,” Dinesh Venkatesan, a principal threat analysis engineer at Symantec, said in an analysis of the new feature.
“The upcoming Android version, known as Android Nougat, will introduce a condition so that the invocation of the resetPassword API can only be used to set the password and not to reset the password.”
The change is an important one, as it takes away one of the main avenues that mobile ransomware has to force victims to pay the ransom. If the user can’t get into the device or find a way to remove the ransomware, he’s left with few choices but to pay the ransom. Now, Android will take the password reset option away from ransomware creators.
“This development will be effective in ensuring that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat. Backward compatibility would have allowed malware to reset the lockscreen password even on newer Android versions. With this change, there is no way for the malware to reset the lockscreen password on Android Nougat,” Venkatesan said.
That doesn’t mean that ransomware will hit a brick wall on Nougat, but it’s a significant defense mechanism that will make life a little more difficult for attackers.
