Disclosure of Android certificates; Millions of Android phones are vulnerable to malware
A new report says that the Android validation certificate of mobile manufacturers including Samsung has been leaked and now millions of users are at risk.
A Google employee has announced that Android authentication keys from several manufacturers, including Samsung, LG, and MediaTek, have been leaked. These certificates can now allow hackers to easily transfer their malware to users’ devices.
According to “Lukasz Sivirski“, a Google employee and expert in reverse engineering of malware, the certificates of several major companies in the Android world have been leaked. Companies like Samsung use certificates that have many permissions to verify their apps. Now, any program that uses these keys can access user information at the operating system level.
In other words, hackers can now develop their malware in the form of an application similar to Samsung SMS. This malware is signed with the Samsung key and then it is provided to the user as an update. Then it passes all the security barriers of your device and by installing it on the system, it gains access to all the device information.
Was Samsung’s Android certification leaked a long time ago?
The unlock key from Samsung is apparently used for many of the company’s tools, including the Phone app, Bixby, Samsung Account, Samsung Pay, and a host of other apps. APKMirror founder Artem Rusakovsky says some of the malware using these keys actually dates back to 2016. Does this mean the problem has been there for a long time?
Samsung has announced in a statement that it has been aware of this problem since 2016 and has released updates to solve it. The company also claimed that it has not seen any problem with the misuse of this issue.
Of course, it is unclear why Samsung is still using these keys if they knew about this problem six years ago. Maybe it is related to the logistics problems of this company’s products, which do not allow updating previous devices. But this company has released many products in the same period of time that could use the new keys.
Considering that users cannot do anything about this problem, it is only recommended that people do not install the application from outside the App Store and download and install the desired apps from the official stores.