Alert: Android phone users should be careful, Google engineer warns!

A latest security leak has put the security of many Android smartphones including Samsung, LG at risk. This security leak has reportedly led to the creation of “trusted” malware apps that could help hackers gain access to many Android smartphones. The root of the problem is the leaking of signing keys on the platforms of many Android OEMs.

As shared by Lukasz Siewierski, an engineer at Google, Google’s Android Partner Vulnerability Initiative (APVI) has publicly disclosed a new vulnerability that affects Samsung, LG and other devices. The reason for this is the leaking of OEMs’ platform signing keys, which are used to check the validity of the version running on an Android device. This key can also be used to sign different apps.

9to5Google AccordingAndroid trusts apps signed with the same key that is used to sign the operating system. With those app signing keys, a malicious actor or hacker would be able to use Android’s “Shared User ID” system to grant malware full (system-level) permissions on an affected device, which would then take over that device. All the data can go into some outside hands.

In this case given by Google Information It doesn’t specify which devices or OEMs were affected, but it does show hashes of example malware files. Additionally, each file is uploaded to VirusTotal, which often also reveals the name of the affected company. Along with this, the report claims that the keys of Samsung, LG, Mediatek, Szroco and Revoview have been leaked.

According to Google, the first step is for each affected company to swap (or “rotate”) the signing keys on its Android platform and no longer use the leaked keys.

Leave a Reply

Your email address will not be published. Required fields are marked *