World famous Pangu Team has made a reappearance of sorts. The team, which has previously been in the spotlight for security research and producing jailbreaks, have used their social network of choice to announce a new mobile threat detection platform called Janus.
The official Pangu Team Twitter account hasn’t exactly been full of activity in recent weeks, months, and even years, in all honesty. The account has amassed a lot of followers based on work carried out in the jailbreak community but hasn’t really had much activity aside from promoting talks at conferences pertaining to Pangu9 back in Q3/Q4 of 2016.
Now, it seems that the team is back with a renewed focus, with the announcement of Janus, a platform which will allow threats to be detected directly within the codebase of native mobile apps:
It seems that Pangu is looking to stick to what it knows by taking the combined expertise of its team members and building a platform that can assist with auditing mobile applications from a security perspective. Those chosen route to be able to do this is what the team is calling Janus, described as a “mobile threat intelligence platform,” which “monitors distribution channels in long-term, covering dozens of major app stores, accumulated to tens of millions of apps and more than 300 billion broad-spectrum characteristics.”
We confirmed several iOS apps with more than 100 millions users are vulnerable to #ZipperDown#, and found more than 10k iOS apps might have the same or similar issues. Check https://t.co/WOg5AGzREb and contact us for details and fix if your app is in the list.
— PanguTeam (@PanguTeam) May 15, 2018
Using the platform, the team has also used Twitter to reveal that it has “confirmed several iOS apps with more than 100 million users” which are vulnerable to what the team is calling “Zipper Down”. This is the name the team has given to what it’s calling a “programming error” present in various popular apps that introduces potential “severe consequences” such as the ability to overwrite data and the potential for arbitrary code execution from malicious individuals.
More information regarding Janus can be found over at appscan.io, with documentation existing on a more technical and in-depth level at the document portal doc.appscan.io/en/ for the platform.