News Categories

Leaked Android certificates could give hackers full access to millions of phones

By Cookie Monster - on 4 Dec 2022, 10:36am

Leaked Android certificates could give hackers full access to millions of phones

Image source: Check Point.

Millions of Android phones were vulnerable to hackers and malware after a major leak.

According to Google malware reverse enginreing expert Lukasz Siewierski, platform certificates of several Android OEMS were leaked which hackers could use to install malware and gain acces to devices.

These platform certificates are designed to verify the authenticity of apps for use on Android devices. They also hold system permissions such as the ability to access user data and Android OS. Hackers can disguise their malware as system apps and bypass the security checks to gain almost complete access to the infected devices.

To date, the leaked platform certificates are from Samsung, LG, Xiaomi, MediaTek and other smaller Android players. Android Police claims most of the certificates are currently not in active use, which limits the scale of this vulnerability.

In response to this news, the Android security team shared that "OEM partners promptly implementeed migitation measures" as soon as they reported the vulnerability. Furthermore, there is no indication that this malware is or was on the Google Play Store.

Samsung issued a statement and clarified that security issues have been issued since 2016. In addition, there is mo known security incidents regarding this potential vulnerability.

Source: @MishaalRahman via Android Police 

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.