The leak of several Android platform certificates belonging to LG, Samsung and MediaTek may allow hackers to sign malicious applications that the system accepts and runs with elevated privileges.
Several Android platform certificates have leaked and can now be used by hackers. These certificates are very important, as OEM Android device vendors use them to digitally sign core system applications. If a hacker holds such a certificate, they can use it to sign a malicious application. The system will then accept that application under the shared user ID android.uid.system, which carries very high system privileges, and it will thus be able to access all of the user’s data. This leak was made official by Google, then relayed by Łukasz Siewierski and journalist Mishaal Rahman on Twitter:
Folks, this is bad. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the “android” app itself. These certs are being used to sign malicious Android apps!
— Mishaal Rahman (@MishaalRahman) December 1, 2022
A hacker could also pass off a malicious app as an update to an official app, such as Samsung’s Bixby assistant, using these certificates.
Google gave some examples of compromised certificates and of malware that uses them, but only in the form of SHA-256 hashes. By searching VirusTotal for these hashes, our colleagues at Bleeping Computer found that certain platform certificates correspond to the manufacturers Samsung Electronics, LG Electronics, Revoview and MediaTek.
Google has already notified the affected OEMs and asked them to rotate their Android platform certificates (replacing the public and private keys), to investigate how the leak occurred, and to minimize the number of applications signed with their platform certificates in order to limit the impact of future incidents.
Questioned by our colleagues at Bleeping Computer, Google sought to be reassuring and stated that all the parties concerned had been informed of the findings and had acted accordingly. According to a company spokesperson:
“The OEM partners quickly implemented mitigation measures as soon as we reported the key compromise. End users will be protected by user mitigations implemented by OEM partners”
But according to our colleagues at Bleeping Computer, Samsung hasn’t made the switch yet and is still using the leaked platform certificates to digitally sign apps.
Finally, Google clarified that detections for the compromised keys have been added to the Android Build Test Suite (BTS), the tool used to build and analyze a system image. Malware detections are also present in the built-in Google Play Protect antivirus. According to Google, there is no indication that malware using these certificates is present, or has ever been present, in the Play Store. Google nevertheless recommends that users upgrade to the latest version of Android to benefit from the best level of security.
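As an added, defender-side illustration (not code from the article, from Google or from any OEM), the following Python extracts the signer certificates from an APK's v1 (JAR) signature block and compares their SHA-256 fingerprints against a blocklist, which is how a Play Protect or BTS style check for the leaked keys can be reproduced in a review pipeline. The blocklist is a parameter and the sample APK is constructed inline; the real fingerprints must be taken from Google's advisory, and APK Signature Scheme v2/v3 blocks are not parsed.

```python
import hashlib, io, zipfile
PKCS7_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07"       # 1.2.840.113549.1.7.x (data=1, signedData=2)

def der_tlv(buf, pos):                      # DER element at pos -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def certs_from_pkcs7(der):
    """DER certificates carried by a PKCS#7 SignedData blob (META-INF/*.RSA)."""
    _, pos, _ = der_tlv(der, 0)             # ContentInfo SEQUENCE
    _, _, pos = der_tlv(der, pos)           # skip contentType OID
    _, pos, _ = der_tlv(der, pos)           # [0] EXPLICIT wrapper
    _, pos, _ = der_tlv(der, pos)           # SignedData SEQUENCE
    for _ in range(3):                      # skip version, digestAlgorithms, encapContentInfo
        _, _, pos = der_tlv(der, pos)
    tag, start, end = der_tlv(der, pos)     # certificates [0] IMPLICIT SET OF Certificate
    certs = []
    while tag == 0xA0 and start < end:
        _, _, nxt = der_tlv(der, start)
        certs.append(der[start:nxt])
        start = nxt
    return certs

def apk_signer_fingerprints(apk_bytes):     # SHA-256 of each signer cert in the APK's v1 (JAR) signature
    fps = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                fps.update(hashlib.sha256(c).hexdigest() for c in certs_from_pkcs7(z.read(name)))
    return fps

def signed_with_compromised_cert(apk_bytes, compromised_sha256):  # blocklist = hashes from Google's advisory
    return bool(apk_signer_fingerprints(apk_bytes) & set(compromised_sha256))

def der_encode(tag, body):                  # DER TLV encoder, only used for the constructed sample
    length = bytes([len(body)]) if len(body) < 0x80 else b"\x82" + len(body).to_bytes(2, "big")
    return bytes([tag]) + length + body

def build_sample_apk(cert_der):
    """Constructed sample: a minimal zip whose META-INF/CERT.RSA wraps cert_der in SignedData."""
    sd = der_encode(0x02, b"\x01") + der_encode(0x31, b"") + der_encode(0x30, der_encode(0x06, PKCS7_OID + b"\x01"))
    sd += der_encode(0xA0, cert_der) + der_encode(0x31, b"")
    pkcs7 = der_encode(0x30, der_encode(0x06, PKCS7_OID + b"\x02") + der_encode(0xA0, der_encode(0x30, sd)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", pkcs7)
    return buf.getvalue()
```

On a real APK, pass the file's bytes to `signed_with_compromised_cert` together with the published fingerprints; a match means the package was signed with a leaked platform key and should be quarantined, whatever package name or update it claims to be.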
Samsung and LG smartphones are at risk from malware due to leaked certificates