Leaked Android certificates left millions of smartphones vulnerable to malware

Main Image
  • Like
  • Comment
  • Share

Looks like millions of Android smartphones were literally inches away from mass malware attacks. Devices from LG, Samsung and MediaTek chipsets were subjected to a major Android vulnerability. Once exploited, it would have given cyberattackers complete authority over your device. In fact, the privileges that this vulnerability introduces to the injected malware may be more than what you as a user have on your own device.

Android steers closer to a massive malware attack

According to the reports shared by Lukasz Siewierski, a Google employee and a malware reverse engineer, critical certificates of some of the Android smartphone manufacturers were leaked giving exploiters the exact vulnerability to puncture into these devices. It includes MediaTek, LG, and Samsung which means the vulnerability would have given cyber attackers access to hundreds of millions of devices.

For the unversed, everything smartphone manufacturer (or OEM) has a platform certificate that contains a private key. Android OS authenticates this private key whenever there’s an app update from the OEM. Once confirmed, it is passed through. These certificates have the android.uid.system as their user id which is the highest level of privilege on a device.

Apparently, some of these certificates were leaked. It means if an attacker got his hands on it, he can literally use it to trick Android OS into believing that malware being injected in an app is actually an update thanks to its disguise. Since the Android OS validates the key, it has no reason to suspect and gives it a green signal. That’s where the malware gets privileged access to that particular app and device itself.

Millions of LG, Samsung smartphones face vulnerability due to leaked Android certificates

In fact, according to some experts, the privileges this malware could gain are likely higher than what users have on their devices.

Fortunately, not everything is lost…

The good news is, Google has acknowledged the issue and has warned the OEMs to push updates to mitigate it. It has asked OEMs to rotate the certificates and change the keys that would make the previous certificates obsolete.

Apart from that, Google has implemented detection for malware on its Build Test Suite that checks system images on devices. Google Play Protect prevents such types of malware to pass through when the user has downloaded or updated the apps. It is highly recommended to steer away from sideloading as that opens a system to countless vulnerabilities.

Related Articles

ImageExclusive: OxygenOS and Realme UI Being Discontinued, Ending a Golden Era

For years, the illusion of choice has defined a significant chunk of the Android market. OPPO, OnePlus, and Realme might have shared corporate DNA under the BBK Electronics banner, but they operated fiercely independent brands, each boasting unique software and distinct fanbases. But that’s about to end soon. According to a highly reliable and seasoned …

ImageGoogle highlights the significance of Play Services For Android security

Google highlights the significance of Play Services against Triada trojan and other threats in a blog post published recently. Triada is a family of trojans that had infected some Android phones a few years back. Kaspersky Labs, who discovered it in 2016 called it, “one of the most advanced mobile Trojans”. Next year, Dr. Web …

ImageAPT42 Attack: What is it & how does it target high-profile activists

Iran government-supported hackers have recently targeted many high-profile activists, journalists, researchers, academics, diplomats, and politicians who have been working on Middle East issues. This credential phishing is being done via WhatsApp. The Human Rights Watch has linked this phishing attack with an entity affiliated with the Iranian government known as APT42. It is sometimes called …

ImageExclusive: vivo V80 FE and vivo V80 Lite 5G listed in the GSMA database

vivo, one of the aggressive players in the smartphone market, is making headlines with a rare leak in the tech world. According to the company’s product roadmap, the vivo V70 Lite 5G is expected to launch in the coming days. This device, bearing the model number V2615, has completed its official certification processes and will …

ImageSamsung Galaxy Z Fold8, Z Fold8 Ultra, and Z Flip8 Cases Leak Ahead of Launch

Samsung’s next-generation foldables are expected to debut at the upcoming Galaxy Unpacked event, and a new leak has now revealed what buyers can expect in terms of official accessories. According to images shared by Android Headlines, Samsung is preparing a wide range of first-party cases for the Galaxy Z Fold8 (wide), the Galaxy Z Fold8 …

Discuss

Be the first to leave a comment.

Related Products