Why millions of Android smartphones may be at risk, as per Google employee – Times of India

Last week, Google’s Project Zero security team reported a severe vulnerability in smartphones from several brands using Arm’s Mali GPU, which remains unpatched for millions of users. Now another Google employee has discovered a separate Android-related security flaw that can affect devices. Lukasz Siewierski, an engineer at Google, claims that an Android certificate has reportedly been leaked online. The leaked Android certificate has left millions of devices at risk of a malware attack. However, the leak does not affect all Android users; it affects some Samsung and LG devices, along with phones powered by MediaTek chipsets.
How the Android certificate leak is affecting devices
Siewierski has reported that various Android OEMs’ certificates were posted publicly and that these keys can be used by hackers to install malware on smartphones. The leaked signing key has significant OS rights, and attackers can use it to insert malware without Google, the maker of the device, or the app developer ever being aware of it.
This means that if users install app updates from a third-party website, hackers can inject malware that masquerades as a legitimate update. Attackers can use this app signing procedure to initiate a malware attack and access system permissions to steal user data.
App signing is one of the important components that protect Android devices. This process ensures that smartphones get software upgrades only from reputable developers. To ensure that, developers have a unique signing key, which is always kept private to add an extra layer of protection.

How the phone makers are trying to resolve the issue
The Android Security Team has already alerted the impacted businesses about the problem. Google has also suggested that affected companies should change the “platform certificate by replacing it with a new set of public and private keys.”
According to a report by XDA Developers, Samsung has been aware of this bug for a while and has also addressed the vulnerability. The South Korean tech giant has reportedly stated that it has “deployed security fixes since 2016 upon being made aware of the issue.” The company also claimed that there have been “no known security incidents regarding this possible vulnerability.”
