Malware

Samsung and LG phones are vulnerable to malware due to leaked Android certifications

A major Android leak has left millions of devices around the world vulnerable to malware. Although the leak does not affect most Android devices on the planet, it does pose a problem for users of Samsung and LG smartphones and devices powered by MediaTek chipsets. Also Read – India is part of me, Google CEO Sundar Pichai says when greeted by Padma Bhusan

For the uninitiated, an important part of how Android OS protects smartphones is the application signing process. This process ensures that all software updates delivered to users’ smartphones come from legitimate developers. To add another layer of security, this process requires a private app developer login key and privacy is always kept private. Also Read – Google starts rolling out end-to-end encryption for group conversations in Messages

Now, Łukasz Siewierski (via Mishaal Rahman), a Google employee and malware reverse engineer, says that the certificates of several Android OEMs have been leaked online. These keys can be used by malicious actors to inject malware into users’ smartphones. Which could have been used to introduce malware into smartphones. What’s troubling is that this login key has the highest level of OS privilege, which means a malicious actor can inject malware without Google, the device maker, or the app developer knowing about it. Theoretically, a malicious actor could introduce malware that constitutes a legitimate app update if users download the update from a third party website. Also Read – Samsung Galaxy M04 is likely to arrive in India soon: here’s what we know so far

The platform certificate is the application signing certificate used to sign an “android” application to the system image. The “android” application runs with a privileged user ID – android.uid.system – and holds system permissions, including permissions to access user data. Any application Another signer with the same certificate can declare that they want to run with the same user ID, giving them the same level of access to the Android operating system,” Google wrote in a blog post.

Fortunately, we haven’t lost all hope yet. The Android security team has already notified the affected companies about the issue. The tech giant also advised affected companies to “rotate the platform’s certificate by replacing it with a new set of public and private keys.”

“In addition, they should conduct an internal investigation to find the root cause of the problem and take steps to prevent the accident from occurring in the future,” the company added.

Moreover, a report by XDA Developers said that Samsung has been aware of the issue for a long time and has patched the vulnerability a long time ago. “We have released security patches since 2016 after becoming aware of the issue, and there have been no known security incidents regarding this potential vulnerability,” the company said in a statement to the publication.