Samsung and LG phones are reportedly at risk of malware attacks because of a leaked Android certificate.
An Android certificate was reportedly posted online, putting millions of devices at danger of malware attacks, reports Gizmochina.
Users of Samsung and LG devices as well as all smartphones with MediaTek chipsets are at risk of being attacked by this malware.
Advertisement
The leaked certificate could be used by malicious parties to install malware on users’ smartphones.
Since the sign-in key has the highest level of OS (operating system) rights, hostile actors can inject malware without Google, the device’s manufacturer, or the app developer ever knowing about it.
The bad actor might theoretically install malware while posing as a legitimate software update if users download the update from a third-party website.
According to Google, platform certificate refers to the application signing certificate used to sign the “android” application on the system image.
The extremely privileged user-id “android.uid.system” is used by the “android” software, which has access to user data in addition to other system permissions.
Any other programme that has the same certification as the Android operating system is granted the same level of access.
The Android Security Team has already informed the impacted businesses of the issue.
The tech giant also advised that the impacted businesses “rotate the platform certificate by replacing it with a new set of public and private keys.”
Samsung has been aware of the problem for some time and has addressed the vulnerability, the report said.
Advertisement
