Leaked Android certificates and signing malware

Ερευνητής της Google αναφέρει ότι διέρρευσαν κλειδιά υπογραφής πιστοποιητικών (certificates) της Samsung, της LG της Mediatek και πολλών άλλων OEM.

android code

Ο Lukasz Siewierski, μέλος της Ομάδας Ασφάλειας Android της Google, he published on the Android Partner Vulnerability Initiative (AVPI) issue tracker leaked platform certificate keys used to sign malware.

The post is a list of certificates, but if you run each of them through the APKMirror or the website VirusTotal of Google well-known names will appear: h SamsungThe LG and Mediatek είναι οι μεγάλες επιτυχίες στη λίστα των certificates που διέρρευσαν, μαζί με μερικά μικρότερα OEMs όπως η Revoview και η Szroco, που κατασκευάζει τα tablet Walmart’s Onn.

Senior Technical Editor Mishaal Rahman, also posted excellent information for the specific leak on Twitter.

As he explains, having an app that has the same UID as Android's system isn't quite root access, but it's close and allows that app to escape any sandboxing restrictions that exist for system apps.

These apps can communicate directly with (or, in the case of malware, spy on) other apps on your phone. Imagine a malicious version of Google Play Services to get an idea.

iGuRu.gr The Best Technology Site in Greece
Follow us on Google News

android, google, certificates, malware

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).