Reportedly, one of the major security leaks has led to the creation of “trusted” malware apps. Subsequently, the same can gain access to the entire Android operating system on devices from Samsung, LG, and others.
The information is shared by Googler Lukasz Siewierski (via Mishaal Rahman). Google’s Android Partner Vulnerability Initiative (APVI) has come out publicly and revealed a new vulnerability that going to affect devices from Samsung, LG, Xiaomi, and some others respectively.
On the other hand, the primary issue is that multiple Android OEMs have their platform signing keys leaked outside of their respective companies. While this key is used to ensure that the version of Android which is to be running on your device is legal. While the same key is used in order to sign other individual apps.
It is noted here, that this Android vulnerability doesn’t entirely happen when installing a new or unknown source app. As these leaked platform keys in some cases are used to sign some common apps. It includes Bixby, on some Samsung phones. Whereby attacker could add malware to a trusted app, then sign the malicious version with the same key. And Android would trust it as an “update.” Also, this method would be going to work irrespective of whether an app came from Play Store, Galaxy Store, or was sideloaded.
Furthermore, the following companies’ keys were leaked, also some keys have not been identified yet.
- Samsung
- LG
- Mediatek
- szroco (makers of Walmart’s Onn tablets)
- Revoview
Google ensures the protection of the devices
Google also approaches all Android makers to effectively minimize the usage of platform keys in order to sign other apps. It is intended to avoid potential security issues. Also, they added, that this issue came to light in May 2022. Therefore, Samsung and various other companies have already “taken remediation measures to minimize the user impact”.
Although things are not been clear yet as some of the vulnerable keys were used in Android apps from Samsung in a few couples of days, as per APKMirror. In one of its statements, Google ensures the protection of the devices from this app vulnerability. At the same, it also claims, this certainly has not been happening when it comes to Google Play Store.
OEM partners promptly implemented mitigation measures as soon as we reported the key compromise. End users will be protected by user mitigations implemented by OEM partners. Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android.
— Google spokesperson
Steps, in order to ensure your device protection:
- Always be sure that the latest firmware is available for your device.
- In case of not receive consistent Android security updates, it is recommended to upgrade to a newer device as soon as possible.
- One of the most important to remember is to avoid sideloading applications to your phone.
JOIN US ON TELEGRAM GOOGLE NEWS