A dangerous vulnerability in Android allows hackers
Google previously announced that a major vulnerability made it possible to create "trusted" malicious apps that can access the entire Android operating system on devices from major smartphone manufacturers.
Google's Android Partner Vulnerabilities Program, led by security engineer Łukasz Siewierski, has exposed vulnerabilities affecting Samsung and LG devices, among others.
The problem is that the signing keys of Android phone manufacturers have been leaked. These keys are generated by the manufacturers themselves to ensure that the version of Android running on their devices is legitimate. The same key can also be used to sign or approve applications installed on the device.
Since Android is designed to trust any app signed with the same key as the phone's operating system, a hacker in possession of those keys could use them to grant full, system-wide permissions to malware on affected devices, which means all data on the device would be at risk.
Google has made it clear that the vulnerability is not limited to cases where new or unknown apps are installed. Since these leaked keys are in some cases also used to sign popular applications, hackers can add malware to trusted applications and use the keys themselves to sign malicious versions of those applications. Android then trusts the malicious apps as updates. This works regardless of whether the app comes from the Google Play Store, the Samsung Galaxy Store, or is installed manually from outside a store.
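An audit a defender can run against the trust model described above, as an added example that is not from the original article: it parses the output of `apksigner verify --print-certs` for each package and flags packages signed with a leaked key or with the device's platform key. The package names and digests are constructed, and it is an assumption that the inventory includes the framework package `android`, whose signer is the platform certificate.

```python
import re

# Digest lines as printed by `apksigner verify --print-certs <apk>`.
DIGEST_RE = re.compile(
    r"^Signer\b.*?certificate SHA-256 digest:\s*([0-9a-f]{64})\s*$", re.M | re.I)

def signer_digests(apksigner_output):
    """Return the lowercase SHA-256 digests of all signer certificates."""
    return {d.lower() for d in DIGEST_RE.findall(apksigner_output)}

def audit(inventory, leaked, platform_pkg="android"):
    """inventory maps package name -> apksigner output; returns (package, reason) pairs.

    Assumption: the inventory contains the framework package `android`,
    whose signer is the device's platform certificate.
    """
    leaked = {d.lower() for d in leaked}
    certs = {pkg: signer_digests(out) for pkg, out in inventory.items()}
    platform = certs.get(platform_pkg, set())
    findings = []
    for pkg, digests in sorted(certs.items()):
        if not digests:
            findings.append((pkg, "no-signer-found"))   # unparsed output: check by hand
        elif digests & leaked:
            findings.append((pkg, "leaked-key"))        # signed with a compromised key
        elif pkg != platform_pkg and digests & platform:
            findings.append((pkg, "platform-signed"))   # holds platform trust: review need
    return findings

def sample_output(digest):
    """Constructed apksigner-style output for one signer."""
    return ("Signer #1 certificate DN: CN=Example\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

# Constructed digests, not real indicators.
PLATFORM, OTHER = "ab" * 32, "cd" * 32
SAMPLE = {
    "android": sample_output(PLATFORM),
    "com.example.settings": sample_output(PLATFORM),
    "com.example.browser": sample_output(PLATFORM.upper()),
    "com.example.game": sample_output(OTHER),
}

if __name__ == "__main__":
    for pkg, reason in audit(SAMPLE, leaked={PLATFORM}):
        print(f"{pkg}: {reason}")
```

The `platform-signed` findings are the review list for the advice to sign as few apps as possible with the platform key; the `leaked` set has to be filled from a source you trust, since the article publishes no digests.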
Google did not disclose the names of the companies affected by this vulnerability, but after reviewing samples of malicious files, it found that the list of affected companies includes: Samsung, LG, MediaTek, Szroco, and Revoview.
Google advises affected companies to change their signing keys to render the leaked keys unusable, and advises companies to do so regularly to avoid damage from future leaks.
The US tech giant is urging all Android phone makers to sign as few apps as possible with these signing keys, and to sign only apps that require the highest permissions, to avoid potential security issues.
According to Google, Samsung and all affected companies have taken corrective measures since the issue was reported last May to minimize the impact of the vulnerability on users, but the Android app site APKMirror says that Samsung apps signed with the leaked keys were still available for download until a few days ago.
Google said in a statement that users' devices can be protected from this vulnerability in several ways, including but not limited to: Google Play Store protection, Google Play Protect, and manufacturer actions. Note that this vulnerability has not been exploited in applications distributed through the Google Play Store.
Users who want to protect their device are advised to make sure that they have the latest version of their operating system installed, and if the device is no longer getting the latest updates, it is advised to upgrade to another device as soon as possible. It's also recommended to avoid installing apps from outside the app store, even if it's just to update existing apps.