ANDROID FLAW ALLOWS TROJAN ATTACKS ON APPS WITH MALICIOUS CODE
Among the vulnerabilities Google patched this week is a fix for a bug that allows attackers to inject malicious code into Android applications without affecting an application's signature verification certificate.
The technique allows an attacker to circumvent anti-malware protection and escalate privileges on a targeted device with a signed application that appears to come from a trusted publisher, according to researchers.
The vulnerability, dubbed Janus, was discovered earlier this summer by Eric Lafortune, CTO of GuardSquare. The bug (CVE-2017-13156) was reported to Google in July. Google made the bug public on Thursday when it published the patch as part of its December Android Security Bulletin.
As part of his research, Lafortune created a proof-of-concept tool, also called Janus, that allows an attacker to inject an extra DEX (Dalvik executable) file into an APK file. DEX files hold the code inside Android programs and are zipped into single APKs.
"An attacker can infect the malicious code in a reputable app, no user that downloads and installs the application will be infected," said Lafortune.
One attack scenario involves Android APKs downloaded from third-party app stores that are believed to be legitimate banking, social media or system utility apps.
"An Android application - from a banking application, a game, to Google Maps - can be a Janus target. Once the infected application is installed, the attacker must have the same rights as the app. This means that an attacker can steal banking certificates, read messages or any other targeted device," Lafortune said.
Impacted are Android devices running a version of the Android operating system older than Nougat (7.0) and any Android device that supports APK signature scheme v1. Android devices updated to support APK signature scheme v2 (July 2016) are not affected.
Google describes APK signature scheme v2 as "a full-file signature scheme that increases the speed of verification and strengthens the integrity guarantee by detecting any changes to the APK protected areas."
Lafortune told Threatpost the tool works because any additional bytes in an application are ignored when its signature is computed or verified.
"On the one hand, an APK file is a zip archive, which can hold arbitrary bytes at the start, before its zip entries ...", the researcher said. "On the other hand, after the regular sections of strings, classes, method definitions, etc., a DEX file may have arbitrary bytes at the end. A file can be a valid APK file and simultaneously a valid DEX file."
He said Janus can accomplish this because the earlier, separate JAR signature scheme takes into account only the ZIP entries. "While computing or verifying the application's signature it ignores any additional bytes," he said.
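A defender can screen APKs for the dual-format layout described above before they are installed or accepted into a store. The following check is an added example, not Lafortune's tool or GuardSquare's code; the function name `inspect_apk` and both sample blobs are constructed for illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                # first bytes of a Dalvik executable
ZIP_LOCAL_HEADER = b"PK\x03\x04"    # first bytes of an ordinary ZIP/APK
ZIP_CENTRAL_HEADER = b"PK\x01\x02"  # first bytes of the ZIP central directory
ZIP_EOCD = b"PK\x05\x06"            # end-of-central-directory record
V2_MAGIC = b"APK Sig Block 42"      # ends the v2 signing block, just before the central directory


def inspect_apk(data: bytes) -> dict:
    """Report the traits of an APK that matter for the DEX/ZIP dual-format issue."""
    eocd = data.rfind(ZIP_EOCD)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no ZIP end-of-central-directory record")
    # Central directory size is the 32-bit little-endian field at EOCD+12. The
    # directory ends where the EOCD begins, so this locates it even when bytes
    # were prepended and the recorded offset is stale.
    (cd_size,) = struct.unpack_from("<I", data, eocd + 12)
    cd_start = eocd - cd_size
    if cd_start < 0 or data[cd_start:cd_start + 4] != ZIP_CENTRAL_HEADER:
        raise ValueError("central directory not found where the EOCD says")
    starts_with_dex = data.startswith(DEX_MAGIC)
    return {
        "leading_bytes": not data.startswith(ZIP_LOCAL_HEADER),
        "starts_with_dex": starts_with_dex,
        # Presence of the marker only; this does not validate the v2 signature.
        "has_v2_block": data[max(cd_start - 16, 0):cd_start] == V2_MAGIC,
        # A ZIP archive that also opens with the DEX magic is the dual-format
        # layout described in the article and should be rejected or quarantined.
        "dual_format": starts_with_dex,
    }


def sample_zip() -> bytes:
    """Constructed sample: a tiny archive standing in for a v1-signed APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
    return buf.getvalue()


CLEAN = sample_zip()
# Constructed sample: placeholder bytes carrying only the DEX magic, placed ahead of the archive.
PREFIXED = DEX_MAGIC + b"035\x00" + b"\x00" * 104 + CLEAN

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("prefixed", PREFIXED)):
        print(name, inspect_apk(blob))
```

Both samples still open as ZIP archives with the same entry list, which is why a check that looks only at ZIP entries cannot tell them apart.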
Since applications signed with APK signature scheme v2 are not affected, Lafortune suggests that developers sign with signature scheme v2 so that applications cannot be tampered with.
