ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Researchers say a recently-patched vulnerability in Android could leave users vulnerable to attack from signed apps.
The vulnerability, dubbed Janus, would allow a malicious application to add bytes of code to the APK or DEX formats used by Android applications without affecting the application’s signature. In other words, a scumbag could pack an app with malicious instructions, and still have it read by Android as a trusted piece of software.
The problem, say researchers with mobile security firm GuardSquare, lies in the way Android 5.0 and later handles the APK and DEX files for some applications. By only checking for certain bytes in an application’s signature, the devices could read an altered signature as authentic and allow for malicious instructions to be inserted an APK or DEX file without being detected.
Beware the IDEs of Android: three biggies have vulnerabilities
“An attacker can replace a trusted application with high privileges (a system app, for instance) by a modified update to abuse its permissions. Depending on the targeted application, this could enable the hacker to access sensitive information stored on the device or even take over the device completely,” GuardSquare says.
“Alternatively, an attacker can pass a modified clone of a sensitive application as a legitimate update, for instance in the context of banking or communications. The cloned application can look and behave like the original application but inject malicious behavior.”
The vulnerability, CVE-2017-13156, was addressed in patch level 1 of the December Android update, so those who get their patches directly from Google should be protected. Unfortunately, due to the nature of the Android ecosystem, many vendors and carriers are slow to release fixes.
There are, however, some mitigating factors that can keep vulnerable machines protected. For starters, GuardSphere notes, the attack could not be performed through the Play Store, so apps obtained from that service should be safe. Additionally, version 2 of the Android APK performs a more thorough check of the signature that would catch the attack.
“Older versions of applications and newer applications running on older devices remain susceptible,” the company said.
“Developers should at least always apply signature scheme v2.” ®
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.