Privacy And Security

Major Android leak leaves Samsung, LG, other devices vulnerable to security threat

Riya
Riya Shukla
Login To Bookmark
  • Dec 07,2022
  • 2 min read
  • 2
  • 477 Views

As per the new information, Google Android Partner Vulnerability Initiative (APVI) has openly revealed a new exposure that affected various Android devices from OEMs like Samsung, LGXiaomi, and more (via Mishaal Rahman).

The security leak can help scammers flag malicious apps as trustable and genuine apps, even when they clearly aren't.

Hundreds of thousands of Android smartphones have been rendered vulnerable after a major security leak paved the way for a “trusted” malware programme to run amok, affecting devices from Samsung, LG, Xiaomi, and others. According to Google, the leak happened way back in May 2022 and the users are protected against the vulnerability through Google Play Protect and various “mitigation measures” that OEMs so far have implemented.


As these leaked platform keys are also used to sign normal apps in some cases, an attacker could add malware to a trusted app, with the same key as a malicious version. can sign it, and Android will trust it as an “update”.

The key’s design clears that Android trusts any app that is signed with the same key used to sign the operating system. With those app signing keys, a malicious attacker can easily use Android’s “shared user ID” system to grant malware full, system-level permissions on an affected device. In short, an attacker can get access to all the data available on any device.

Moreover, Google does not officially disclose which devices or OEMs were affected, but it does display hashes of example malware files. Helpfully, each file is uploaded to VirusTotal, which often also reveals the name of the company affected, which includes:

  • Samsung
  • LG
  • Mediatek
  • szroco (makers of Walmart’s Onn tablets)
  • Revoview

For example, the Samsung Bixby app, which comes pre-installed on Galaxy devices, can also direct to a security leak. This method will work whether an app originally came from Play Store, Galaxy Store, or was sideloaded.

Conclusion

The company has also shared the reason why this happened. According to the report, many Android OEMs have leaked the signing keys of their platforms outside their respective companies, which has led to a security leak.

It is worth mentioning that this Android security leak vulnerability not only appears when installing a new or unknown app, but already available system applications can also be affected by security.

Previous post
The iPhone 14 Can Connect to Satellites
Next post
Amazon's Prime Gaming to be launched in India soon  

Related post

Card image
Privacy And Security
Biggest data leak: Aadhaar Personal data of 81.5 crore Indians on sale on dark web
  • avatar
    by Riya
  • Nov 05, 2023
Card image
Privacy And Security
Sudan-based hackers shut down X for hours demands for Starlink
Card image
Privacy And Security
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM
  • avatar
    by Riya
  • Aug 16, 2023
Card image
Privacy And Security
Xiaomi System UI Software Crashes globally due to Android Mechanism Updates
Card image
Privacy And Security
Google Pay Glitch: Several Lucky Users Get Upto Rs. 88,000 Accidentally!!!
avatar

0 comments

Leave a reply

Please Login or Register to Comment. Get Started

Share this article

Elancemart
Next post
Amazon's Prime Gaming to be launched in India soon  
Image