A major flaw in Samsung smartphones has been fixed, the update is in progress

As part of a major security leak, the certificates of several Android OEMs were recently exposed. This security flaw has left millions of Android devices around the world vulnerable to malware.

A large-scale security breach has prompted security researchers to sound the alarm about the appearance of malware that can penetrate all Android operating systems. A leak has been reported Łukasz Siewierski, Google employee and malware engineer.

Google’s Android security team has discovered that several Android OEMs, including Samsung, LG and MediaTek, have spotted it. their cryptographic application signing keys must be disclosedthus allowing hackers to easily deploy malware on smartphones.

What are signature certificates for applications?

An important aspect of Android smartphone security is the app signing process. This is essentially a way to ensure that software updates come from the original developer, as the key used to sign applications must always be kept private.

Applications signed with this certificate run with a highly privileged user ID, android.uid.system. The latter has system permissions, including permissions to access user data. Any other application signed with the same certificate can declare that it wants to work with the same user ID, giving it the same level of access to the Android operating system.

That’s the problemA number of these platform certifications have been leaked from Samsung, MediaTek, LG and Revoview and worse, used to sign malware.

Simply, an attacker with the private key can add malware to trusted applications. Because the malicious version of the app uses the same key that Android security relies on, renewal of the application will be done regardless of the origin of the application.

Also Read – Android: Millions of Smartphones Vulnerable, Major Security Flaw Discovered

Hackers managed to install malware on Android smartphones

To make matters worse, the affected OEMs failed to remove the faulty switches and replaced them with new ones. Instead, they continued to use them. on his side, Samsung even recently released software updates with the same button. Again, the problem was first discovered by Google in May 2022.

This means that hackers can potentially inject malware into official Samsung apps. The malware could have masqueraded as an update, bypassed all security checks during installation, and given the malware almost complete access to your user data in other applications.

Google can protect Android phones in several ways, including Google Play Protect, OEM mitigations, and more. ensured that it is safe through Apparently, the apps on the Play Store are also safe. ” As soon as the major compromise was reported, OEM partners quickly implemented mitigation measures. End users will be protected by mitigation measures implemented by their OEM partners said the company’s spokesperson.

The tech giant’s affected companies ” convert the platform certificate by replacing it with a new set of public and private keys “. ” Also, they should conduct an internal investigation to find the root cause of the problem and take measures to prevent the incident from happening again in the future. “added the company. Therefore, LG, MediaTek, and Samsung are expected quickly renew their certificates to protect their users from malicious hackers.