Samsung smartphones have major security flaw

The certificates of several Android OEMs were recently made public as a result of a significant security breach. Millions of Android smartphones around the world are now vulnerable to malware due to this security issue.

Security researchers have warned of the development of malicious apps that can access entire Android operating systems as a result of a significant security leak. A malware engineer working for Google, Lukasz Siewierski, reported the leak.

Several Android OEMs including Samsung, LG and MediaTek have had their app signing certificates leaked according to Google’s Android security team, making it simple for hackers to install malicious apps on devices.

Application signature is a critical unit of Android smartphone security. Since the key being used to sign apps must always be kept secret. This is simply a technique to ensure that app updates come from the original creator.

android.uid.system is a highly privileged user ID used by applications signed with this certificate. The latter has access to user data, as well as other system rights. With the same level of access to the Android operating system, any other app certified with the same certificate can advertise that it wants to run with the same user ID.

The issue is that several of these certificates from LG, Samsung and MediaTek appear to have been compromised and, worse, were used to sign malicious software.

Therefore, a hacker who has a private key can infect popular applications with malware. Regardless of where the software came from.

Even worse, affected OEMs forgot to swap compromised keys with new ones. And failed to remove the compromised ones. Instead, they continued to use them. Samsung, on the other hand, recently delivered app updates that shared the same key.

However, Google first discovered the issue in May 2022. This suggests that malware may have been injected into legitimate Samsung apps by hackers.

Source: Gizchina

Source link

About Admin

Check Also

Victim of ‘hazing’ at UFOP has not yet returned to school; charge me hiccup – General

Ayrton Veras has not studied for almost six months (photo: ris Jesus/UFOP) Ayrton Carlos Almeida …

Leave a Reply

Your email address will not be published. Required fields are marked *