highlights
Malware program keys of devices like Samsung and Xiaomi have been leaked.
With the help of these keys, hackers can access your data.
Through this, a hackers can add malware to a trusted app.
New Delhi. Keys of a trusted malware program for devices from Samsung, LG, Xiaomi and other companies have been leaked. Because of this, the security of thousands of Android smartphones has become weak. Citing a Google Android Partner Vulnerability Initiative (APVI) report, according to a malware reverse engineer at Google, the new flaws could allow malicious programs to tamper with the affected device’s system.
Engineer Łukasz Siewierski shared APVI’s findings on Twitter. It has been said in the report that the platform signing of many Android OEMs has been leaked outside the respective companies. By design, Android relies on the same Key app for signing that is used to sign the operating system.
Explain that this key ensures that the Android running on the device is legal and made by the manufacturer. The same key is used to sign in to different apps. Since many Android OEM’s keys are now available to scammers, they can use those app-sign keys to access Android’s shared user ID system and give all permissions to malware programs on affected devices. In other words, due to these flaws, attackers can gain access to all the data on the affected device.
Also read- Now iQOO 11 series will be launched on December 8, the company itself confirmed
use to sign phone
The report further mentions that these Android flaws are not only caused by a new or unknown app, but also by system apps, as leaked keys are used for common apps. In this case, the Bixby app that comes in the phone can be used to sign in on at least some Samsung phones.
will work on all apps
Through this, a hacker can add malware to a trusted app and sign it with authentic leaked keys, so that Android thinks it’s an update. As noted by 9to5Google, this will work for all apps, whether an app comes from the Play Store, Samsung’s Galaxy Store, or is sideloaded to the phone.
Also read- Less than 1000 rupees These budget-budget earbuds will give you great music experience, know details here
The keys of these companies were leaked
Notably, the APVI report does not list which OEMs were affected, but samples uploaded to VirusTotal revealed that these keys could be from companies such as Samsung, LG, MediaTek, Revoview, and szroco.
preparations had already been made
Google mentioned in its disclosure that all the companies were informed about the flaws to OEMs since they were reported in May 2022. These smartphone brands have already taken remedies to deal with such security leaks. However, according to APKMirror, some vulnerable keys were used by Samsung in the Android app in the past few days.
,
Tags: android, Samsung, tech news, Tech news in hindi, Xiaomi
FIRST PUBLISHED : December 03, 2022, 14:32 IST
