Are you ready to sign your kids up to reverse engineer Android malware?

This is a guest post from Su Gim Goh of F-Secure Labs.

Last Wednesday marked the beginning of our first lecture at the Aalto University (Espoo campus) in Finland for our Reverse Engineering Malware course for the spring 2013 semester. This course expands and continues F-Secure’s longstanding efforts to promote education in information security, which started in 2008 with a course in Malware Analysis and Antivirus Technologies with the Helsinki University of Technology.

Aalto University’s Reverse Engineering Malware course is taught by security researchers from our Security Lab in Helsinki. The program teaches students about what malicious code is, how it can be analyzed, and how to reverse engineer executable code for different platforms, such as Windows and Android.

Towards the end of the course, students are also exposed to more advanced topics, such as understanding the latest techniques in binary obfuscation and exploits. The syllabus is designed to encourage a very hands-on approach to learning reverse engineering. Our security researchers personally craft exercises and lab assignments to help students gain an understanding of how malicious code works, for example by looking for hidden messages in the code (with keys to help them to achieve the goal of the exercise, as seen in the example below).


Do note that F-Secure does not use or write real world malware in our academic courses.  F-Secure strives to positively motivate programmers and includes modules that cover topics like ethics and legal issues in the course to encourage them to use their skills for a good cause – helping to protect the end user.

Over the other side of the world in Kuala Lumpur, Malaysia, where our other Security Lab is located to cater for the Asia Pacific region, we are partnering with Monash University (Sunway Campus) for the first time to develop a similar Malware Analysis syllabus, with a greater focus on the Android platform. The growing dominance of the Android platform in the smartphone market has also led to a tremendous growth in malware targeting devices using that operating system.

In conjunction with the lecturers from the School of Information Technology of the Sunway campus, and several security researchers from F-Secure’s Kuala Lumpur Security Lab, we are developing the syllabus from the ground up with brand new lecture and lab materials to help students whom are active in the security field gain a broader perspective of this field, as well as develop the specialized skills needed for analyzing malware.  Subjects and techniques covered in the lectures and lab sessions include, among others interesting topics, understanding the Android security framework, the operating and file systems, static and dynamic analysis of malware.

For those who are interested in understanding executable code inside out (literally) and are passionate about security, this is definitely the course for you! You can follow along on the Labs’ weblog for updates.

More posts from this topic


Why your Apple Watch will probably never be infected by malware

On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS.  iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.    

Sep 9, 2014
BY Jason
Aug 28, 2014
BY Jason