Android vulnerability: How can users mitigate Janus malware?

The Janus vulnerability allowed malicious code to be injected into reputable Android apps. Once the code is injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.

Android recently disclosed the Janus vulnerability, which enabled the injection of malicious code into reputable apps, infecting the endpoint of any user who downloaded it. How does this vulnerability work and how can it be prevented?

Some users have suggested the use of whitelisting -- allowing only approved and signed executables to be installed or run on a system -- as a solution to combat Android malware like the Janus vulnerability that was discovered and patched in 2017. Using signed executables via an app store could meet this need because, in theory, it can prevent malware from infecting an endpoint. If the malware can't execute on the endpoint, then it can't exploit the endpoint to install the malware payload.

However, several critical assumptions on which this statement relies might not always be true. One assumption is that a properly signed file is not malware; another is that you can't change a signed file. Malicious actors have been able to create malware with valid signatures, and one signed file running on Android 5.0 and above had malicious content added to it.

The app was available in a third-party Android app store and contained malware and other files, including unsigned malicious code. GuardSquare found the vulnerability, named Janus, which allows attackers to bundle a separate file with a legitimate signed file; the bundled file can then be run on a targeted device to compromise the security of the system. The malicious file can even be used to replace an application that has already been installed and to use that application's existing permissions.

Part of this Android vulnerability is that the signature on the file does not cover the entire file.

Android 7.0 and newer devices that use the Android Package signature scheme version 2 for authentication are not vulnerable to this Android vulnerability, and Google has already patched the vulnerability in Android 5, but most users will need to wait until their carrier pushes the patch.

In order to reduce the chance of a malicious file being downloaded, users should not download applications from outside of the official Google Play app store.

Some whitelisting tools are not vulnerable to attacks like this and do not rely on these assumptions. Users should evaluate how their tools handle signed malware and files that have been changed after they were originally signed.
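
To make the point that the signature does not cover the entire file concrete, the following Python check is an added example, not code from the original article. It counts bytes that lie outside every ZIP entry, which an entry-based JAR (v1) signature does not cover, and looks for the `APK Sig Block 42` marker used by signature scheme v2. The function name, report fields and sample archives are constructed for this example, and it assumes no ZIP64 and no archive comment.

```python
import io
import struct
import zipfile

V2_BLOCK_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block

def inspect_apk(data: bytes) -> dict:
    """Report which parts of an APK an entry-based (v1) signature cannot cover."""
    eocd = data.rfind(b"PK\x05\x06")  # End of Central Directory record
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no ZIP end-of-central-directory record found")
    # Assumption: no ZIP64 and no archive comment, so the central directory
    # ends exactly where the EOCD record begins.
    (cd_size,) = struct.unpack_from("<I", data, eocd + 12)
    cd_start = eocd - cd_size
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # zipfile corrects entry offsets when data is prepended, so the
        # smallest header offset equals the number of leading stray bytes.
        offsets = [info.header_offset for info in zf.infolist()]
    leading = min(offsets) if offsets else cd_start
    has_v2 = cd_start >= 16 and data[cd_start - 16:cd_start] == V2_BLOCK_MAGIC
    return {
        "leading_bytes_outside_entries": leading,
        "has_v2_signing_block": has_v2,
        "needs_review": leading > 0,
    }

def build_sample_archive() -> bytes:
    """Constructed stand-in for a signed APK (no real signature inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"constructed placeholder bytes")
    return buf.getvalue()

CLEAN = build_sample_archive()
MODIFIED = b"\x00" * 32 + CLEAN  # constructed: 32 filler bytes before the archive

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, inspect_apk(blob))
```

The v2 marker only shows that a signing block is present; the check does not verify any signature, so it complements rather than replaces the platform's own verification.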


This was last published in July 2018
