Add Your Heading Text Here

Janus vulnerability is the latest technique in town used by attackers to modify android apps without affecting android application signatures.

This vulnerability is caused by the way android handles apk installation for application leaving extra bytes of code to an APK file without affecting the application’s signature.

You need basic knowledge in android application development in order to understand Janus vulnerability very well.

          Janus vulnerability does not affect apk signature scheme v2. It only affects apk signature signing scheme v1. Also it does not affect Android Oreo and Nougat but affects Android Marshmallow and beneath.

While installing or updating an android application , your device checks APK header information to determine if the archive contains code in the compressed DEX files. 

If the APK archive contains DEX files, the process virtual machine decompiles the code  and executes it. If it does not contain any DEX files, it executes code as regular apk file.

Due to the lack of file integrity checking during apk installation, attackers utilize this opportunity to include malicious code compiled in DEX format into an APK archive containing legitimate code with valid signatures. Thus it tricks android installation process to execute both code on the targeted device without being detected.

This vulnerability allows malware developers to include two or three malicious lines of code to a legitimate application.

SUGGESTED SOLUTIONS AGAINST JANUS:

•    Android developers should always apply signature scheme v2 to prevent tampering of application.
•    Upgrade your device OS(if possible)
•    Be extra careful when downloading application as well as updating apps.

#ISA_informs

#ISA_ltd