Exposing Samsung’s Android digital signature and using it in malware

Exposing Samsung's Android digital signature and using it in malware

Signature key encryption Developers is one of the main security mechanisms of Android, and whenever an application is updated in Android, this signature key of the previous version must match the new update, but in the latest news, it seems that the keys of some OEM companies, including Samsung, have been leaked. . This security mechanism ensures that the update is from the same company that developed the original program and that a malicious malware does not insert itself into the new update instead.

In this regard, if the signature key is revealed, anyone can distribute malicious programs, and due to the use of Samsung’s own signature, Android also fails to detect the illegality of these files. In Android, the process of updating apps is not done only through the Google Play Store, and users can also install Android APKs manually from other stores using other methods.

While individual downloadable apps outside of Google Play on Android are subject to more system strictures, this can be harmful when an unwitting developer’s digital signature is exposed, however, when the digital signature of Android OEMs like Samsung is exposed It can be destructive, and that’s what happened recently to Samsung and its phones.

Samsung Android Digital Signature

In this regard, a member of Google’s Android security team admitted in a post that with the original and exposed Android certificates, hackers are activating and creating digital signatures for their malware. In this post, Samsung, LG and MediaTek companies are mentioned and these are the companies whose digital signature keys have been exposed. With the disclosure of the digital signature of these companies, hackers can now present their malware with the signature of these companies, and the platform certificate of these companies also has major access permissions.

Platform Certificate is a digital signature application for Android applications on the system. Android applications run with the android.uid.system high-level access, and this access includes the user’s data. Any other app signed with the same certificate can declare that it wants to run with the same user ID, prompting Android to give that app elevated access.

Samsung also admitted that their digital signature key was leaked years ago in 2016, and the company stated that it takes the security of Galaxy devices seriously and has since provided new security patches, but it seems that Samsung may have Due to some logistical problems, it has not completely replaced the digital signature key in some models. Google also stated in this regard that the OEM companies have taken the relevant measures as soon as they were informed of these reports.

  • Samsung does not plan to buy OLED panels from China’s BOE this year
  • The possibility of making Snapdragon Galaxy S23 chips by Samsung itself
  • Android 13 update for Asus phones is coming + schedule

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed

Most Viewed Posts