Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

zahidsun (65) in security • 7 years ago

Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions.

The vulnerability (CVE-2017-13156) was discovered and reported to Google by security researchers from mobile security firm GuardSquare this summer and has been patched by Google

Explained: How Android Janus Vulnerability Works?

The vulnerability resides in the way Android handles APK installation for some apps, leaving a possibility to add extra bytes of code to an APK file without affecting the application's signature.
Before proceeding further, you need to know some basics about an APK file.

Attack Scenarios

After creating malicious but valid versions of legitimate applications, hackers can distribute them using various attack vectors, including spam emails, third-party app stores delivering fake apps and updates, social engineering, and even man-in-the-middle attacks.

source- https://thehackernews.com/2017/12/android-malware-signature.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

security update

7 years ago by zahidsun (65)

$47.28

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

reet (37) · 7 years ago

Nice post bro

$0.00

1 vote

[-]

evananisa (47) · 7 years ago

nice information

$0.00

[-]

shajj (65) · 7 years ago

great concept

$0.00

[-]

minnowsupport (70) · 7 years ago

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by zahidsun from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP. Be sure to leave at least 50SP undelegated on your account.

$0.00

[-]

drotto (48) · 7 years ago

This post has received a 0.31 % upvote from @drotto thanks to: @banjo.

$0.00

[-]

steemitboard (66) · 7 years ago

Congratulations @zahidsun! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published a post every day of the week
Award for the total payout received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

$0.00

[-]

upme (49) · 7 years ago

You got a 2.94% upvote from @upme requested by: @zahidsun.
Send at least 1.5 SBD to @upme with a post link in the memo field to receive upvote next round.
To support our activity, please vote for my master @suggeelson, as a STEEM Witness

$0.00

[-]

buildawhale (74) · 7 years ago

This post has received a 4.18 % upvote from @buildawhale thanks to: @zahidsun. Send at least 1 SBD to @buildawhale with a post link in the memo field for a portion of the next vote.

To support our daily curation initiative, please vote on my owner, @themarkymark, as a Steem Witness

$0.00

[-]

appreciator (66) · 7 years ago

This post has received gratitude of 3.93 % from @appreciator thanks to: @zahidsun.

$0.00