Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited with affecting the apps’ signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards.
Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited with affecting the apps’ signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards.
The security hole would allow an attacker to tweak an entirely legitimate app to behave maliciously without triggering any security alerts. Although vulnerability CVE-2017-13156 has been patched in December’s Android update, very few people will have access to this security fix.
On the plus side, check performed on apps that are submitted to Google Play should mean that anything obtained via official channels should be safe. The problem really affects apps that are downloaded from alternative stores, or that are sideloaded after downloading directly from websites.
GuardSquare explains the Janus problem:
The researchers go on to explain how this can be exploited:
The type of signature scheme that developers used is key — version 2 offers protection. As such, GuardSquare says: ” Applications that have been signed with APK signature scheme v2 and that are running on devices supporting the latest signature scheme (Android 7.0 and newer) are protected against the vulnerability. Unlike scheme v1, this scheme v2 considers all bytes in the APK file. Older versions of applications and newer applications running on older devices remain susceptible. Developers should at least always apply signature scheme v2.”
Image credit: dennizn / Shutterstock
