
Attackers Exploit Android Application Package Flaw to Hide Malware

CyberWisdom Commentary:

A must-read story from securityboulevard.com notes a little-known fact: the Android Security Update for December 2017 contains fixes for critical vulnerabilities that could allow an attacker to modify an installed application without affecting its signature. This will allow an attacker to access the affected device (indirectly). The researchers first discovered in July that the vulnerability (designated CVE-2017-13156, also known as the Janus vulnerability) affected Android versions from 5.1.1 to 8.0; about 74% of all Android devices have these versions installed. We found at least one application in the field using this technique. The use of this vulnerability by this particular version of the application makes it harder for mobile security solutions to detect it. The vulnerability is likely to be used in the future to compromise other applications and access user information.

Attackers have started to exploit a vulnerability patched this month in Android that enables the bundling of malware with Android application files (APKs) and evading antivirus products. The vulnerability, known as Janus and identified as CVE-2017-13156, was privately reported to Google in July by researchers from mobile security firm GuardSquare. Google included a patch for it in its December Android security bulletin, after sharing it in advance with device manufacturers.

The flaw enables modifying apps without breaking their digital signatures and stems from the way in which the Android Runtime (ART) loads Dalvik Executable Format (DEX) files. A traditional Android application consists of Java classes and other resources inside a ZIP archive with the extension APK. The ZIP format itself contains file entries and a central directory with information about those entries. When a file is signed using the traditional JAR (Java Archive) signature model, the signature is only applied to the file entries defined in the ZIP’s central directory. If any of those files are later altered, the signature is broken.

In the Android ecosystem, signatures are important for application updates because only properly signed APKs are allowed to replace an already installed application. If attackers are able to…
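Because a JAR-style signature covers only the ZIP entries, a defender can flag any APK that carries bytes outside those entries. The check below is an added example, not code from the original article or from GuardSquare; the function names are hypothetical, the sample archive is constructed, and it assumes (from the public Janus disclosure, not from the text above) that an affected file begins with the DEX magic ahead of the ZIP entries.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"             # first four bytes of a DEX header
ZIP_LOCAL_MAGIC = b"PK\x03\x04"  # local file header that starts a normal APK


def inspect_apk(data: bytes) -> dict:
    """Report bytes that sit before every ZIP entry at the start of an APK."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # zipfile resolves each entry's real position even when the archive
        # has leading data, so the smallest offset is the size of the prefix
        # that no entry (and so no JAR-style signature) accounts for.
        offsets = (info.header_offset for info in zf.infolist())
        prefix_len = min(offsets, default=0)
    starts_with_dex = data[:4] == DEX_MAGIC
    return {
        "prefix_len": prefix_len,
        "starts_with_zip_header": data[:4] == ZIP_LOCAL_MAGIC,
        "starts_with_dex": starts_with_dex,
        "suspicious": prefix_len > 0 or starts_with_dex,
    }


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with two placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"placeholder, not real bytecode")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_apk()
    # Constructed test input: header-sized filler carrying only the DEX magic,
    # placed ahead of the archive. It is not a valid DEX file.
    padded = DEX_MAGIC + b"035\x00" + b"\x00" * 104 + clean
    for name, blob in (("clean", clean), ("padded", padded)):
        print(name, inspect_apk(blob))
```

A scanner that only walks the ZIP entries sees the same signed content in both samples, which is why the prefix length and leading magic are checked on the raw file.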
