Google has released a fix for a vulnerability that allows attackers to bypass app signatures and inject malicious code into Android apps, as part of the December Android Security Bulletin.

The vulnerability, dubbed Janus, was discovered by GuardSquare, a mobile security firm, which reported it (CVE-2017-13156) to Google.

The vulnerability allows attackers to inject a DEX file into an APK file without affecting the signatures.

“The Janus vulnerability stems from the possibility to add extra bytes to APK files and to DEX files. On the one hand, an APK file is a zip archive, which can contain arbitrary bytes at the start, before its zip entries (actually more generally, between its zip entries). The JAR signature scheme only takes into account the zip entries. It ignores any extra bytes when computing or verifying the application's signature. On the other hand, a DEX file can contain arbitrary bytes at the end, after the regular sections of strings, classes, method definitions, etc. A file can, therefore, be a valid APK file and a valid DEX file at the same time,” GuardSquare said in its published post.

When a user downloads an update of an application, Android checks its signature against the signature of the original version and, if the signatures match, proceeds to install the update. The updated application has the same permissions as the original application.

“The updated application inherits the permissions of the original application. Attackers can, therefore, use the Janus vulnerability to mislead the update process and get an unverified code with powerful permissions installed on the devices of unsuspecting users”.

Devices running Android 5.0 and newer are impacted by the vulnerability. Android devices that support the APK signature scheme v1 are also affected.

Researchers said that Android devices running Android 7.0 and newer with APK signature scheme v2 are not affected by the vulnerability.

All users are advised not to install any apps from third-party app stores to avoid infection. Google smartphone users are requested to update their devices immediately. Researchers have also suggested that developers apply signature scheme v2 to ensure apps are not infected.
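The structural condition described in the GuardSquare quote (bytes in front of the zip entries that start with a DEX header) can be checked on a file before it is trusted. The Python below is an added example, not code from GuardSquare or Google; `inspect_apk`, the two sample archives and the 112-byte padding are constructed for illustration, and the sample is not a working DEX file.

```python
import io
import struct
import zipfile

DEX_PREFIX = b"dex\n"                  # DEX magic: "dex\n" + 3 version digits + NUL
SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block (scheme v2+)

def inspect_apk(data: bytes) -> dict:
    """Report Janus-relevant structural facts about an APK held in memory."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP/APK archive")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # zipfile corrects entry offsets for prepended data, so the minimum
        # header_offset is the real file position of the first zip entry.
        leading = min((i.header_offset for i in zf.infolist()), default=0)
    # End-of-central-directory record: central directory size, then offset.
    eocd = data.rfind(b"PK\x05\x06")
    cd_size, _cd_offset = struct.unpack_from("<II", data, eocd + 12)
    cd_start = eocd - cd_size
    has_sig_block = data[max(cd_start - 16, 0):cd_start] == SIG_BLOCK_MAGIC
    starts_as_dex = data[:4] == DEX_PREFIX and data[7:8] == b"\x00"
    return {
        "leading_bytes": leading,            # bytes the JAR (v1) scheme ignores
        "starts_as_dex": starts_as_dex,
        "has_signing_block": has_sig_block,  # whole-file signing block present
        "janus_suspect": starts_as_dex and leading > 0,
    }

def _sample_zip() -> bytes:
    """Constructed stand-in for an APK: two placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()

CLEAN = _sample_zip()
# Constructed fixture: DEX magic plus zero padding in front of the archive.
# It only reproduces the file layout; it is not a loadable DEX.
POLYGLOT = b"dex\n035\x00" + b"\x00" * 104 + CLEAN

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(name, inspect_apk(blob))
```

A `janus_suspect` result means the file has the layout the quote describes; a missing signing block on its own only means the APK relies on signature scheme v1.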
Always follow these basic steps to prevent your smartphone from infection:
- Always switch off “Allow installation from unknown sources” in security settings, which restricts downloading apps from third-party and anonymous sources.
- Don’t download attachments from unknown sources.
- Always use the Google Play Store to install apps; don’t use any third-party app stores.
- Download apps from verified developers and check their app rating and download counts before installing an app.
- Verify app permissions before installing an app.
- Install the best and updated antivirus/anti-malware software that can detect and block this type of malware.