Janus vulnerability is the latest technique in town used by attackers to modify android apps without affecting android application signatures.
This vulnerability is caused by the way android handles apk installation for application leaving extra bytes of code to an APK file without affecting the application’s signature.
You need basic knowledge in android application development in order to understand Janus vulnerability very well.
Janus vulnerability does not affect apk signature scheme v2. It only affects apk signature signing scheme v1. Also it does not affect Android Oreo and Nougat but affects Android Marshmallow and beneath.
While installing or updating an android application , your device checks APK header information to determine if the archive contains code in the compressed DEX files.
If the APK archive contains DEX files, the process virtual machine decompiles the code and executes it. If it does not contain any DEX files, it executes code as regular apk file.
Due to the lack of file integrity checking during apk installation, attackers utilize this opportunity to include malicious code compiled in DEX format into an APK archive containing legitimate code with valid signatures. Thus it tricks android installation process to execute both code on the targeted device without being detected.
This vulnerability allows malware developers to include two or three malicious lines of code to a legitimate application.
SUGGESTED SOLUTIONS AGAINST JANUS:
#ISA_informs
#ISA_ltd
Sign up our newsletter for update information, insight and promotion.