In the custody of Google employees… Millions of Android smartphones are at risk

A recent report revealed the discovery of one Google employees A new Android security vulnerability affects millions of Android phones, and this comes a week after Google’s Project Zero security team reported a critical vulnerability among smartphones from several brands using Arm’s Mali GPU, which remains unpatched for millions of users.

Google engineer Lukasz Siewierski said that the Android certificate was leaked online, as the leaked Android certificate left millions of devices vulnerable to malware attack, however, this leak does not affect all Android users except for some devices along with phones that are powered by Android. MediaTek chipset.

Siewierski reported that several OEM certificates have been published for the Android operating system, and hackers can use these keys to install malware on smartphones. The leaked login key contains important operating system rights and attackers can use it to insert malware without the knowledge of Google, the device manufacturer, or Application developer so.

This means that if users install app updates from a third party website, hackers can introduce malware and masquerade as a legitimate update. Attackers can use this application signature procedure to launch a malware attack and gain access to system permissions to steal user data.

An important component that protects Android devices includes this application signing program. This process ensures that smartphones only get software upgrades from reputable developers. To ensure this, developers have a unique login key that is always kept private to add an extra layer of protection.

How phone makers are trying to solve the problem

The Android security team has already alerted affected companies to the issue, and Google has also suggested that affected companies should change the “platform certificate by replacing it with a new set of public and private keys.”


Leave a Comment

Your email address will not be published. Required fields are marked *