More details of the leaked signature keys of millions of Android phones

Yesterday it was reported in the news, based on a recent tweet from Łukasz Siewierski that Mishaal Rahman also covered, that platform signing keys used by several Android manufacturers to sign the system apps on their devices have been leaked to hackers and “malicious insiders”. These signing keys are used to guarantee the legitimacy of apps and even of the version of the Android OS running on your phone, so this is not good news at all. Today we will give you more details on this topic.

  • Exposing Samsung’s Android digital signature and using it in malware
  • Review Android’s privacy features and digital security enhancements

Malware with Android trustmark

Built into Android is a mechanism that trusts apps signed with the same key used to sign the OS itself, and that is where the security problem lies. An attacker who controls these keys could produce system-level Android malware that the device treats as “trusted”. It is like handing a thief the keys to your house and car together with the necessary approvals. All data on vulnerable devices may be at risk. Moreover, some of these keys are also used to sign ordinary apps installed from the Play Store or downloaded from other Android app stores.


Mishaal Rahman’s tweet states that the leaked Android signing keys cannot be used to install compromised updates. He adds that Google Play Protect can flag apps signed with the leaked keys as potentially harmful.
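The two points above (Android trusts whatever is signed with the platform key, and Play Protect flags apps signed with the leaked keys) both come down to looking at the certificate an APK was signed with. The script below is an added example, not code from the article or from Google; it reads the v1 (JAR) signature block in an APK's META-INF/*.RSA file, walks the PKCS#7 SignedData structure to pull out the signer certificate, computes its SHA-256 fingerprint and checks it against a denylist. The APK and certificate it operates on are constructed inline (they are not real), and the denylist entry is a placeholder, since this page does not publish the fingerprints of the leaked certificates.

```python
"""Flag APKs whose v1 signer certificate fingerprint is on a denylist (added example)."""
import hashlib
import io
import zipfile

# DER-encoded OIDs: pkcs7-signedData (1.2.840.113549.1.7.2) and pkcs7-data (1.2.840.113549.1.7.1)
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")
OID_DATA = bytes.fromhex("2a864886f70d010701")


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value_start, value_end)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        value_start = pos + 2 + n
    else:
        length = first
        value_start = pos + 2
    return tag, value_start, value_start + length


def extract_signer_certs(pkcs7):
    """Return the DER certificates carried in a PKCS#7 SignedData blob (META-INF/*.RSA)."""
    tag, vs, _ = _read_tlv(pkcs7, 0)                # ContentInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, oid_s, oid_e = _read_tlv(pkcs7, vs)        # contentType OID
    if tag != 0x06 or pkcs7[oid_s:oid_e] != OID_SIGNED_DATA:
        raise ValueError("not a PKCS#7 signedData structure")
    _, ctx_s, _ = _read_tlv(pkcs7, oid_e)           # [0] EXPLICIT wrapper around SignedData
    _, pos, _ = _read_tlv(pkcs7, ctx_s)             # SignedData SEQUENCE
    _, _, pos = _read_tlv(pkcs7, pos)               # version INTEGER
    _, _, pos = _read_tlv(pkcs7, pos)               # digestAlgorithms SET
    _, _, pos = _read_tlv(pkcs7, pos)               # encapContentInfo SEQUENCE
    tag, cs, ce = _read_tlv(pkcs7, pos)             # certificates [0] IMPLICIT (optional)
    certs = []
    if tag == 0xA0:
        p = cs
        while p < ce:
            _, _, e = _read_tlv(pkcs7, p)
            certs.append(pkcs7[p:e])                # the whole Certificate TLV is the cert DER
            p = e
    return certs


def fingerprint(cert_der):
    """SHA-256 fingerprint of a DER certificate as lowercase hex (the form apksigner prints)."""
    return hashlib.sha256(cert_der).hexdigest()


def signer_fingerprints(apk_bytes):
    """Fingerprints of every v1 (JAR) signer certificate found under META-INF/ in an APK."""
    fps = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                for cert in extract_signer_certs(z.read(name)):
                    fps.add(fingerprint(cert))
    return fps


def matches_denylist(apk_bytes, denylist):
    """Return the subset of the APK's signer fingerprints that appear in the denylist."""
    return signer_fingerprints(apk_bytes) & set(denylist)


# --- constructed sample data: not a real certificate, signature block or APK ---
def _der(tag, body):
    """Minimal DER TLV encoder, used only to build the sample blob."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


SAMPLE_CERT = _der(0x30, b"constructed-test-certificate-not-a-real-x509")
_SIGNED_DATA = _der(0x30,
    _der(0x02, b"\x01")                  # version
    + _der(0x31, b"")                    # digestAlgorithms (empty)
    + _der(0x30, _der(0x06, OID_DATA))   # encapContentInfo
    + _der(0xA0, SAMPLE_CERT)            # certificates [0] IMPLICIT
    + _der(0x31, b""))                   # signerInfos (empty; the signature itself is not checked here)
SAMPLE_PKCS7 = _der(0x30, _der(0x06, OID_SIGNED_DATA) + _der(0xA0, _SIGNED_DATA))


def build_sample_apk():
    """Build an in-memory zip laid out like a v1-signed APK that carries SAMPLE_PKCS7."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", SAMPLE_PKCS7)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder denylist; in practice fill it with the published fingerprints of the leaked certificates.
    denylist = {fingerprint(SAMPLE_CERT)}
    hits = matches_denylist(build_sample_apk(), denylist)
    print("flagged signers:", sorted(hits) or "none")
```

Two caveats for real use. The example only reads the v1 signature; apps signed solely with APK Signature Scheme v2 or v3 keep their certificates in the APK Signing Block, which this code does not parse, so `apksigner verify --print-certs` is the simpler way to list every signer. It also does not verify the signature, only identifies the certificate, which is enough to match a denylist but not to establish that the APK is intact.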

While not all the sources of the leaked keys have been identified, the companies that have been named include:

  • Samsung
  • LG
  • MediaTek
  • Szroco (manufacturer of Walmart’s Onn tablets)
  • Revoview

Google: No sign of it on Google Play

Google says that this vulnerability was reported to them in May of this year, and that the companies involved “have taken corrective actions to minimize user impact.” A Google spokesperson said:

“OEM partners immediately implemented mitigation measures as soon as we reported the key compromise. End users are protected by mitigation measures implemented by OEM partners. Google has implemented extensive diagnostics for malware in the Build Test Suite, which scans system images. Google Play Protect also detects malware. There is no indication that this malware exists or has ever existed in the Google Play Store. As always, we recommend users make sure they’re running the latest version of Android.”

What should be done to reduce the risk of exposure to this malware?

Google advised the companies involved to replace the signing keys they are currently using and to stop using the leaked keys. It also suggests that each company investigate how its keys were exposed. We hope this will prevent it from happening again in the future. Google also recommends that companies use each signing key for as few apps as possible, to reduce the number of potential leaks in the future.

So what should you do as the owner of an Android phone?

First, make sure your phone is running the latest version of Android and install all security updates as soon as they arrive. Of course, many of these updates will not bring exciting new features, since their job is simply to make sure your device is not compromised. Android users should also avoid downloading and installing apps from third-party and unverified sources, which is exactly what you do when you install an app from a third-party app store.

This problem has existed for years

The scary thing is that this vulnerability has apparently been around for years. Samsung even addressed the issue in a statement to Android Police, saying: “Samsung takes the security of Galaxy devices seriously. We have been releasing security patches since 2016 upon learning of this issue and there have been no known security incidents related to this issue. We always recommend users to keep their devices up to date with the latest software updates.”
