A large-scale security leak has caused security researchers to ring alarm bells over the formation of malware applications that attain access to whole operating systems that belong to Android. This includes the likes of devices such as Samsung among others.
As mentioned recently by Google’s head for Android partner vulnerability, this had gone as far as affecting those devices belonging to LG, Samsung, and a few others.
The main issue has to do with a concern linked to OEMs that had platforms signing various keys present out of that particular firm. The key would make sure a certain Android version was still functioning and had been made by a manufacturer. This same key would be utilized to sign a certain app.
By design, the company was seen trusting the app which users had signed in using the same key and operating system. Anyone attacker with malicious intent would end up utilizing such an ID system to provide malware-themed system permissions on an affected device. In turn, any data seen on the affected device may be provided to attackers.
Notably, such vulnerabilities do not appear to take place when you install some sort of new and unused application. Some leaked keys found are often utilized for the purpose of signing into different apps where the attacker adds malware to the application, signs malicious versions, and then you’d find Android trusting that update. This is a method that ends up working no matter if the application arose at the Play Store, Samsung’s Galaxy Store, or through another sideloading location.
Google’s public offering failed to outline which device had been affected for now but it did put on display the long list of harsh examples comprising malware files. We are sure such files have been uploaded on VirusTotal. The latter tends to put the company’s name on display. Through such means, we get an idea about the types of keys getting leaked like through Samsung, Revoview, LG, Szroco, and Mediatek.
One explanation of such a security breach mentioned how old platform keys get rotated to prevent damage related to future leaks. And even beyond that, it has to do with Android manufacturers altering how often such keys are used for signing into different apps.
For now, Google mentioned how all affected companies including Samsung have taken appropriate measures to prevent such changes from causing major impacts on users.
Read next: SMS apps on Play Store can become a gateway for malware activities
As mentioned recently by Google’s head for Android partner vulnerability, this had gone as far as affecting those devices belonging to LG, Samsung, and a few others.
The main issue has to do with a concern linked to OEMs that had platforms signing various keys present out of that particular firm. The key would make sure a certain Android version was still functioning and had been made by a manufacturer. This same key would be utilized to sign a certain app.
By design, the company was seen trusting the app which users had signed in using the same key and operating system. Anyone attacker with malicious intent would end up utilizing such an ID system to provide malware-themed system permissions on an affected device. In turn, any data seen on the affected device may be provided to attackers.
Notably, such vulnerabilities do not appear to take place when you install some sort of new and unused application. Some leaked keys found are often utilized for the purpose of signing into different apps where the attacker adds malware to the application, signs malicious versions, and then you’d find Android trusting that update. This is a method that ends up working no matter if the application arose at the Play Store, Samsung’s Galaxy Store, or through another sideloading location.
Google’s public offering failed to outline which device had been affected for now but it did put on display the long list of harsh examples comprising malware files. We are sure such files have been uploaded on VirusTotal. The latter tends to put the company’s name on display. Through such means, we get an idea about the types of keys getting leaked like through Samsung, Revoview, LG, Szroco, and Mediatek.
One explanation of such a security breach mentioned how old platform keys get rotated to prevent damage related to future leaks. And even beyond that, it has to do with Android manufacturers altering how often such keys are used for signing into different apps.
For now, Google mentioned how all affected companies including Samsung have taken appropriate measures to prevent such changes from causing major impacts on users.
Read next: SMS apps on Play Store can become a gateway for malware activities
