A security leak has left Android devices from manufacturers such as Samsung, LG and others, vulnerable to malware apps that steal user data and can gain access to their devices.
The reason why the leak is dangerous is that it contains platform certificates, which are used to verify apps and sign off on Android builds for these apps.
In the wrong hands, these certificates can be potentially used to create apps that will be flagged as authentic by Android, even when they are not.
The Android signing certificates were leaked from multiple partner OEMs. Worse, the certificates are also used to determine whether the version of Android running on your phone is legitimate.
Folks, this is bad. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps! https://t.co/lhqZxuxVR9— Mishaal Rahman (@MishaalRahman) December 1, 2022
Using this, the publication managed to find out some of the organisations that have had certificates leaked. These include Samsung, LG and MediaTek among others.
For now, Google is urging OEM partners to swap out the leaked certificates, so they can no longer be used.
Google reported that the leak happened in May 2022, and stated that the users are protected against this vulnerability through Google Play Protect and "mitigation measures" implemented by OEM partners.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
