DIG IT AWARD FINALIST: CYBERSECURITY
Real-time protection against malicious mobile traffic
- By Patrick Marshall
- Oct 05, 2017
The name of Mitre's intrusion-prevention app for Android might be less than transparent, but its purpose is not. APE was designed to monitor network traffic on smartphones and block any activity that isn’t playing by the rules, whether it comes from malware, viruses or a hacker.
“I initially focused on a slightly different problem,” said Mark Mitchell, APE’s developer and a senior multidiscipline systems engineer at Mitre. “In my personal experience, I noticed what seemed to be a lack of publicly available information about what types of attacks were being used against smartphones in the wild. This caused me to look into monitoring network traffic on smartphones.”
Then Mitchell had an “Aha!” moment. “Instead of just monitoring network traffic and recording statistics and metadata, I thought, ‘Why don’t I just block the attacks in real time?’”
Mitchell began building APE nearly two years ago but said it was put on hold for a time. “Then we were accepted into the Department of Homeland Security’s Transition to Practice Program, a technology accelerator that focuses on enabling technology transition from the lab into the broader marketplace,” he said. “They’ve helped us to further focus on a real-world problem and to validate the market and the technology itself.”
APE examines all IPv4 network traffic that enters and leaves the smartphone via cellular or Wi-Fi connections and then compares the traffic to a locally stored rule set that defines malicious behavior. If the traffic violates the rules, the app blocks the data packet. The app can also block specific IP addresses, likely attack byte patterns and unnecessary protocols.
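The paragraph above describes a rule-based packet filter: parse each IPv4 packet, then drop it if it matches a locally stored rule (a blocked address, a suspicious byte pattern, or a protocol the rule set considers unnecessary). The following is an added illustration of that mechanism, written for this page; it is not Mitre's APE code and makes no claim about how APE is implemented. The `RuleSet` fields, the `filter_packet` function and all packet contents are constructed here for demonstration, and the sample addresses are from the RFC 5737 documentation ranges.

```python
import struct
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RuleSet:
    """Hypothetical rule set covering the three rule kinds the article names."""
    blocked_ips: set = field(default_factory=set)         # dotted-quad strings
    blocked_protocols: set = field(default_factory=set)   # IP protocol numbers
    blocked_patterns: list = field(default_factory=list)  # byte strings matched in payload


def parse_ipv4(pkt: bytes):
    """Return (protocol, src, dst, payload) for an IPv4 packet, or None if malformed."""
    if len(pkt) < 20:
        return None
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return proto, src, dst, pkt[ihl:]


def filter_packet(pkt: bytes, rules: RuleSet):
    """Apply the rule set in order: protocol, then addresses, then payload patterns.

    Returns ('DROP', reason) or ('PASS', ''). Malformed input is dropped rather
    than passed, so a truncated header cannot slip past the filter.
    """
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return ("DROP", "malformed or non-IPv4 packet")
    proto, src, dst, payload = parsed
    if proto in rules.blocked_protocols:
        return ("DROP", f"protocol {proto} blocked")
    for ip in (src, dst):
        if ip in rules.blocked_ips:
            return ("DROP", f"address {ip} blocked")
    for pat in rules.blocked_patterns:
        if pat in payload:
            return ("DROP", f"payload matches pattern {pat!r}")
    return ("PASS", "")


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Construct a minimal 20-byte-header IPv4 packet for testing (checksum left zero)."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


# Constructed demo rules: one blocked address, ICMP as an "unnecessary" protocol,
# and a placeholder byte pattern standing in for a real attack signature.
DEMO_RULES = RuleSet(
    blocked_ips={"203.0.113.7"},
    blocked_protocols={1},
    blocked_patterns=[b"\xde\xad\xbe\xef"],
)


def demo():
    """Run a handful of constructed packets through the filter and return the verdicts."""
    pkts = {
        "normal_tcp": build_ipv4("192.0.2.10", "198.51.100.20", 6, b"GET / HTTP/1.1\r\n"),
        "blocked_ip": build_ipv4("192.0.2.10", "203.0.113.7", 6, b"hello"),
        "icmp": build_ipv4("192.0.2.10", "198.51.100.20", 1, b"\x08\x00"),
        "pattern": build_ipv4("192.0.2.10", "198.51.100.20", 17, b"abc\xde\xad\xbe\xefxyz"),
        "truncated": b"\x45\x00",
    }
    return {name: filter_packet(p, DEMO_RULES) for name, p in pkts.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>11}: {verdict}")
```

Because the rules live in an ordinary data structure rather than in kernel code, updating them is a matter of shipping a new `RuleSet`, which is the property the article credits for APE running in user space: the rule set can change far faster than the operating system underneath it.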
According to Mitchell, APE is designed to be invisible to users unless a problem is detected. And a key to the app’s effectiveness is the fact that it is an app instead of part of the operating system.
“It operates in normal user space, so it can be updated much more quickly than the operating system itself,” Mitchell said. “A patch for Android typically takes at least a few weeks to deploy, or it can take months, or you may never get a patch.”
Mitchell said the future of APE — its exact feature set and market appearance — will be up to a commercialization partner. Although the timing is unclear, “we’ve had interest from a few companies,” he said.
And what about the name? The “A,” somewhat recursively, stands for “APE.” The “P” stands for “prevention.” And the “E”? It’s just the third letter in “prevention.”
Editor's note: This article was changed Oct. 9 to attribute Mitre as the developer/owner of the APE app.
Patrick Marshall is a freelance technology writer for GCN.