Malware can gain access to the entire Android operating system on devices from Samsung, LG, Xiaomi and others, according to the Android Partner Vulnerability Initiative (APVI).
Several Android hardware manufacturers have leaked signing keys, which are commonly used to confirm that the version of the OS running on a device is legitimate. They can be used for signature and some other applications.
Android trusts any app signed with a key. An attacker can use it to exploit Android’s user ID system and deliver system-level malware. Basically, it can access all the data on the affected device.
The vulnerability can be obtained not only when installing new utilities, but also when running existing ones – because an attacker can add malware to a verified program, sign it with the same key, and Android will identify it as an “update”. This method will work regardless of whether the app was installed from the Play Store, Galaxy Store, or third-party stores.
Learn to design web interfaces that customers will love in your spare time and earn from $1000
REGISTER!
Google doesn’t say which devices or hardware manufacturers are affected, but it does show hash files of the malware. However, each of the files has been uploaded to VirusTotal, which reveals the names of some of the affected manufacturers. As such, the keys of the following companies are known to have been leaked (although some have yet to be identified):
- Samsung
- LG
- Mediatek
- szroco (makers of Walmart Onn tablets)
- Revoview
According to Google’s brief, companies should replace signing keys first (generally, this should be done regularly to reduce damage from possible future leaks), and minimize their use for signing individual applications except at the highest level of permissions.
The exploit was first reported in May 2022 — Google says Samsung and other companies already “took steps to minimize the impact on users.” However, according to APKMirror, some of the vulnerable keys have been used in Samsung’s Android apps for the past few days.
Also, some detected examples of malware were first scanned by VirusTotal back in 2016.
In a statement, Google clarifies that devices are protected against this vulnerability in several ways, including Google Play Protect, mitigations from device manufacturers, etc. Additionally, this exploit did not make it to apps distributed through the Google Play Store.
“The hardware manufacturing partners took immediate mitigation measures as soon as we reported the leak. Google introduced extensive malware detection in the Build Test Suite. Google Play Protect also detects malware. There is no indication that it is or was in the Google Play Store. As always, we recommend that users make sure they are running the latest version of Android.”
Google press service
While the details of the latest Android security leak are being confirmed, there are a few simple steps you can take to ensure your device remains secure. First, check if you are using the latest firmware available for the device. If your device is not receiving regular Android security updates, it is recommended that you replace it as soon as possible. It’s also a good idea to avoid installing apps from third-party sources on your phone, or make sure you fully trust the file you’re about to install.
Source: 9to5google
