An Android security leak recently led to the development of trusted malware apps that allow hackers to gain access to the entire Android OS. The leak has left Samsung, Xiaomi, LG, and other Android smartphones vulnerable to this malware and the subsequent hacking. This had been shared by Google’s Android Partner Vulnerability Initiative (APVI) to bring the issue to light.
Many Android OEMs had their platform signing keys leaked, and this information was gained by those outside the organisation. This key is typically used to confirm that the Android system running on someone’s device is an authentic one. It can also be used in order to sign into individual apps.
The key allows significant system access. This means that if a malicious hacker gains access to this key, they can easily install malware onto the smartphone and give it all the required system access in order to function as intended. As a result, all the data stored on your smartphone would become available to the hacker.
It is important to note that this malware can be installed by using existing apps on the phone. In other words, you do not need to install a new app to become vulnerable to these attacks. This is because the key allows people to sign common apps (like Bixby on Samsung) and present the malware as an update. A user may see that an update is required, and since this is a trusted app, they would not think twice about clicking the update button.
While Google has publicly disclosed this issue, there is no indication of which devices are being affected by the leak the most. All malware files that have been detected by Google have been posted on VirusTotal in order to make users aware of the same.
Google is working on making the leaked keys defunct. Hackers who have access to these keys will not be able to use them to gain access to the system. Google has also urged users to prevent using the platform key to initiate updates.
Google said “OEM partners promptly implemented mitigation measures as soon as we reported the key compromise. End users will be protected by user mitigations implemented by OEM partners. Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects the malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android.”
For more technology news, product reviews, sci-tech features and updates, keep reading Digit.in or head to our Google News page.