
Janus Android Vulnerability

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

Janus is an Android vulnerability (CVE-2017-13156) that allows an attacker to modify an application without the modification being detected by Android's signature check. This is achieved by prepending a malicious Dalvik executable (DEX) file to a signed Android Package Kit (APK) file.

Affected platforms

The following platforms are known to be affected:

Threat details

An APK file is the package used to install software on Android systems, functionally similar to an .exe file on Windows. An APK is a ZIP archive, and Android's original signature scheme (v1, inherited from JAR signing) only verifies the entries inside that archive; bytes placed in front of the first entry are not covered. The Android runtime, however, decides how to load a file from its first bytes: a file that begins with the DEX magic is treated as a DEX executable. An attacker can therefore prepend a malicious DEX file to a legitimately signed APK, producing a single file that is at once a valid DEX and a valid ZIP. The signature check still sees the unaltered APK entries and passes, while the runtime executes the attacker's DEX. Using this method, an attacker could alter or replace a vulnerable app with a malicious version (for example by distributing it as an update) without the change being detected. This vulnerability has been assigned CVE-2017-13156.

When Janus was disclosed (December 2017), Android supported two signature schemes, v1 and v2. Many application developers sign with both for compatibility, because only Android 7.0 and later verify v2. Any app that is verified under v1 is vulnerable: that includes every app signed with v1 only, and apps signed with both v1 and v2 when installed on a device that only understands v1. An app signed with v2 is protected on a device that verifies v2, because the v2 scheme covers every byte of the file, including anything prepended to it.


Remediation steps

  • Update Android devices to the current software version (the fix for CVE-2017-13156 shipped in the December 2017 Android security bulletin).
  • Only install apps from trusted sources, and prefer apps signed with the v2 scheme (verified on Android 7.0 and later).
  • Consider whitelisting applications on corporate devices.
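As an added illustration (example code written for this page, not NHS Digital's, Google's or any vendor's code), the following Python script builds a constructed, minimal stand-in for a v1-signed APK in memory, makes a Janus-style copy by prepending a stub DEX and shifting the ZIP offsets, and a third copy carrying a placeholder APK Signing Block. It then shows what the threat details above describe: a v1/JAR-style manifest digest check passes on the clean and the Janus file alike, because it only walks ZIP entries, while a check on the first four bytes (the DEX magic) and on where the first ZIP entry actually starts singles out the Janus file. The last function detects whether an APK carries a v2/v3 signing block, which is the check behind the remediation step of preferring v2-signed apps. The ZIP and APK Signing Block offsets and the pair IDs (0x7109871a for v2, 0xf05368c0 for v3) are those of the real formats; the APK contents, the stub DEX and the placeholder signing block content are constructed for the example and would neither install nor verify on a device.

```python
# Added example: structural checks for Janus-style APK tampering (not NHS Digital code).
import base64
import hashlib
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                   # a file starting like this is loaded as DEX
EOCD_MAGIC = b"PK\x05\x06"             # ZIP end-of-central-directory record
CD_MAGIC = b"PK\x01\x02"               # ZIP central-directory entry
SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block (scheme v2/v3)
V2_ID, V3_ID = 0x7109871A, 0xF05368C0  # pair IDs Android assigns to scheme v2 and v3

def _eocd(data: bytes) -> int:
    """Offset of the EOCD record, found by scanning back for its magic (ValueError if absent)."""
    return data.rindex(EOCD_MAGIC)

def _cd_offset(data: bytes) -> int:
    """Absolute offset of the central directory, as recorded in the EOCD."""
    return struct.unpack_from("<I", data, _eocd(data) + 16)[0]

def _cd_entries(data: bytes):
    """Yield (position of the CD entry, offset of its local file header) for each entry."""
    pos = _cd_offset(data)
    while data[pos:pos + 4] == CD_MAGIC:
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        yield pos, struct.unpack_from("<I", data, pos + 42)[0]
        pos += 46 + name_len + extra_len + comment_len

def build_apk() -> bytes:
    """Constructed v1-style APK: a stored ZIP whose MANIFEST.MF digests its entries."""
    entries = {"classes.dex": b"constructed classes.dex payload", "res/x.bin": b"resource"}
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, body in entries.items():
        digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
        manifest += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/CERT.SF", "placeholder")  # a real signer adds CERT.SF/CERT.RSA
        for name, body in entries.items():
            z.writestr(name, body)
    return buf.getvalue()

def janus_variant(apk: bytes, fake_dex: bytes = b"dex\n035\0" + b"\0" * 104) -> bytes:
    """Prepend a (stub, header-sized) DEX and shift every ZIP offset: the Janus file layout."""
    shift = len(fake_dex)
    out = bytearray(fake_dex + apk)
    for pos, local_off in _cd_entries(apk):
        struct.pack_into("<I", out, shift + pos + 42, local_off + shift)
    struct.pack_into("<I", out, shift + _eocd(apk) + 16, _cd_offset(apk) + shift)
    return bytes(out)

def add_signing_block(apk: bytes, pair_id: int = V2_ID, value: bytes = b"\0" * 8) -> bytes:
    """Insert a placeholder APK Signing Block just before the central directory (v2/v3 layout)."""
    pair = struct.pack("<QI", 4 + len(value), pair_id) + value
    size = len(pair) + 8 + 16                           # pairs + trailing size + magic
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + SIG_BLOCK_MAGIC
    cd = _cd_offset(apk)
    out = bytearray(apk[:cd] + block + apk[cd:])
    struct.pack_into("<I", out, _eocd(apk) + len(block) + 16, cd + len(block))
    return bytes(out)

def v1_manifest_digests_ok(data: bytes) -> bool:
    """What a JAR/v1-style verifier sees: it walks ZIP entries only, never leading bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        expected, name = {}, None
        for line in z.read("META-INF/MANIFEST.MF").decode().splitlines():
            if line.startswith("Name: "):
                name = line[6:]
            elif line.startswith("SHA-256-Digest: ") and name:
                expected[name] = line[16:]
        return all(base64.b64encode(hashlib.sha256(z.read(n)).digest()).decode() == d
                   for n, d in expected.items())

def prepended_bytes(data: bytes) -> int:
    """Bytes before the first local header; non-zero means something was prepended."""
    return min(local_off for _, local_off in _cd_entries(data))

def looks_like_janus(data: bytes) -> bool:
    """Starts like a DEX (so the runtime executes it) yet still parses as a ZIP."""
    return data[:4] == DEX_MAGIC and prepended_bytes(data) > 0

def signing_block_ids(data: bytes) -> list:
    """Pair IDs of the APK Signing Block, or [] for a v1-only APK."""
    cd = _cd_offset(data)
    if data[cd - 16:cd] != SIG_BLOCK_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd - 24)[0]
    ids, pos = [], cd - size        # the block's first 8 bytes repeat `size`; pairs follow
    while pos < cd - 24:
        length, pair_id = struct.unpack_from("<QI", data, pos)
        ids.append(pair_id)
        pos += 8 + length
    return ids

if __name__ == "__main__":
    clean = build_apk()
    for label, apk in [("clean", clean), ("janus", janus_variant(clean)), ("v2", add_signing_block(clean))]:
        print(label, v1_manifest_digests_ok(apk), prepended_bytes(apk), looks_like_janus(apk),
              [hex(i) for i in signing_block_ids(apk)])
```

Run as a script it prints the three verdicts side by side: the manifest check is True for all three files, only the Janus copy reports prepended bytes and starts with the DEX magic, and only the third copy carries a signing block. The v1 check is deliberately reduced to MANIFEST.MF digests; a real JAR verifier also checks CERT.SF against the manifest and the CERT.RSA signature, but those operate on ZIP entries too and pass on the Janus file in exactly the same way, which is the whole point of the vulnerability.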


Last edited: 17 February 2020 11:33 am