A major security leak has created “trusted” malware apps that can access the entire Android operating system on devices from Samsung, LG, and others.
As shared by Google employee Łukasz Siewierski (via Mishaal Rahman), Google’s Android Partner Vulnerability Initiative (APVI) has publicly disclosed a new vulnerability that affected devices from Samsung, LG, and others.
The crux of the problem is that many Android device manufacturers have leaked their platform signing keys outside of their respective companies. This key is used to ensure that the version of Android running on your device is legitimate, created by the manufacturer. This key can also be used to sign individual applications.
By design, Android trusts any application signed with the same key used to sign the operating system itself. A malicious attacker with these application signing keys can use Android’s Shared User ID system to give malware full system-level permissions on an affected device. Basically, all the data on the affected device could be available to the attacker.
Notably, this Android vulnerability does not only arise when a new or unknown app is installed. Because the leaked platform keys are also used in some cases to sign popular apps, including the Bixby app on at least some Samsung phones, an attacker could add malware to a trusted app, sign the malicious version with the same key, and Android would trust it as an “update.” This method will work regardless of whether the app originally came from the Play Store, Galaxy Store, or was sideloaded.
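A defender can check an APK against both conditions described above before it is installed. The following is an added example, not code from the article or from Google: it classifies an APK from the text output of `apksigner verify --print-certs` and `aapt dump xmltree`, and the blocklist digest and sample outputs in it are constructed placeholders.

```python
import re

# Constructed placeholder digest: the page lists no certificate hashes.
# Populate from the advisory that applies to your devices.
LEAKED_PLATFORM_CERTS = {"ab" * 32}

# Line format printed by `apksigner verify --print-certs <apk>`
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)
# Attribute line printed by `aapt dump xmltree <apk> AndroidManifest.xml`
SHARED_UID_RE = re.compile(
    r'android:sharedUserId(?:\(0x[0-9a-fA-F]+\))?="([^"]+)"')


def assess(apksigner_out, manifest_dump, leaked=LEAKED_PLATFORM_CERTS):
    """Classify one APK from tool output captured as text."""
    digests = {d.lower() for d in DIGEST_RE.findall(apksigner_out)}
    if not digests:
        return "unverified"  # no signer could be parsed: do not install
    match = SHARED_UID_RE.search(manifest_dump)
    shared_uid = match.group(1) if match else None
    if digests & leaked:
        # Leaked key plus the system shared UID means system-level
        # privileges on an affected device. Without the shared UID the
        # APK can still pass as an "update" to an app signed with that key.
        if shared_uid == "android.uid.system":
            return "critical"
        return "suspicious"
    # Not on the blocklist; Android itself rejects a shared UID request
    # whose signature does not match the existing shared-UID members.
    return "ok"


def sample_certs(digest):
    # Constructed sample of apksigner output for one signer
    return ("Verifies\nNumber of signers: 1\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")


# Constructed sample of the aapt attribute line
SYSTEM_UID = ('A: android:sharedUserId(0x0101000b)="android.uid.system" '
              '(Raw: "android.uid.system")\n')

if __name__ == "__main__":
    print(assess(sample_certs("ab" * 32), SYSTEM_UID))
    print(assess(sample_certs("ab" * 32), ""))
    print(assess(sample_certs("cd" * 32), SYSTEM_UID))
```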
Google’s public disclosure doesn’t show which devices or OEMs were affected, but it does show hashes of malware files. Helpfully, each file has been uploaded to VirusTotal, which often also reveals the name of the affected company. With this, we know that the keys of the following companies have been leaked (although some keys are not identified yet):
- szroco (makers of Walmart’s Onn tablets)
According to Google’s brief explanation of the issue, the first step is for each affected company to swap out (or “rotate”) its Android platform signing keys so that the leaked keys are no longer used. It’s a good practice to do this regularly anyway, to minimize damage from potential leaks in the future.
Moreover, Google has also urged all Android manufacturers to drastically reduce the number of times the platform key is used to sign other apps. Only an app that needs the highest level of permissions should be signed this way, to avoid potential security issues.
Google says that since the issue was reported in May 2022, Samsung and all other affected companies have already “taken remedial measures to minimize the user impact” of these major security leaks. It’s not clear what exactly this means, as some of the vulnerable keys have been used in Samsung’s Android apps in the past few days, according to APKMirror.
Notably, while the Google disclosure indicates that the exploit was reported in May 2022, some examples of the malware were first scanned by VirusTotal as early as 2016. It is not yet clear whether this means that the leak and associated exploits were actively used against some devices at that time.
In a statement, Google explained that people’s devices are protected against this vulnerability in several ways, including through Google Play Protect, “mitigations” from device makers, and more. Moreover, this exploit has not made its way to apps distributed via the Google Play Store.
The OEM partners immediately implemented mitigation measures as soon as the major breach was reported. End users will be protected by user mitigation measures implemented by OEM Partners. Google has implemented extensive malware detection in its Build Test Suite, which scans system images. Google Play Protect also detects malware. There is no indication that this malware exists or has ever been in the Google Play Store. As always, we advise users to make sure they are running the latest Android version.
While the details of this latest Android security leak are still being confirmed, there are a few simple steps you can take to make sure your device stays secure. For one, make sure that you are using the latest firmware available for your device. If your device is no longer receiving consistent Android security updates, we recommend that you upgrade to a newer device as soon as possible.
Beyond that, avoid sideloading apps on your phone, even when you’re updating an app that’s already on your phone. If the need to sideload an app arises, make sure you fully trust the file you’re installing.
Dylan Roussel contributed to this article.