android

Looks like millions of Android smartphones were literally inches away from mass malware attacks. Devices from LG, Samsung and MediaTek chipsets were subjected to a major Android vulnerability. Once exploited, it would have given cyberattackers complete authority over your device. In fact, the privileges that this vulnerability introduces to the injected malware may be more than what you as a user have on your own device.

Android steers closer to a massive malware attack

According to the reports shared by Lukasz Siewierski, a Google employee and a malware reverse engineer, critical certificates of some of the Android smartphone manufacturers were leaked giving exploiters the exact vulnerability to puncture into these devices. It includes MediaTek, LG, and Samsung which means the vulnerability would have given cyber attackers access to hundreds of millions of devices.

Folks, this is bad. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the “android” app itself. These certs are being used to sign malicious Android apps! https://t.co/lhqZxuxVR9

— Mishaal Rahman (@MishaalRahman) December 1, 2022

For the unversed, everything smartphone manufacturer (or OEM) has a platform certificate that contains a private key. Android OS authenticates this private key whenever there’s an app update from the OEM. Once confirmed, it is passed through. These certificates have the android.uid.system as their user id which is the highest level of privilege on a device.

Apparently, some of these certificates were leaked. It means if an attacker got his hands on it, he can literally use it to trick Android OS into believing that malware being injected in an app is actually an update thanks to its disguise. Since the Android OS validates the key, it has no reason to suspect and gives it a green signal. That’s where the malware gets privileged access to that particular app and device itself.

android

In fact, according to some experts, the privileges this malware could gain are likely higher than what users have on their devices.

Fortunately, not everything is lost…

The good news is, Google has acknowledged the issue and has warned the OEMs to push updates to mitigate it. It has asked OEMs to rotate the certificates and change the keys that would make the previous certificates obsolete.

Apart from that, Google has implemented detection for malware on its Build Test Suite that checks system images on devices. Google Play Protect prevents such types of malware to pass through when the user has downloaded or updated the apps. It is highly recommended to steer away from sideloading as that opens a system to countless vulnerabilities.

TECH NEWS RELATED

Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks

With the DNS changed, users are redirected to malicious pages

View more: Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks

Is the 2023 Toyota RAV4 Too Old to Keep Up?

Today we’re putting the Toyota RAV4 in the spotlight to take a closer look at it. We know that there are tons of great things to say about it. It’s capable, spacious, and reliable. But is the 2023 Toyota RAV4 old? Is its age starting to show?  Is the 2023 ...

View more: Is the 2023 Toyota RAV4 Too Old to Keep Up?

The 2016 Hyundai Sonata Got ‘Nearly Everything Right’

Hyundai is building a reputation as an automaker that makes a lot of great cars. This is the case with the 2016 Hyundai Sonata, as Hyundai gave the car a lot of updates for that model year, and that made the car nearly flawless. Here’s a look at how the ...

View more: The 2016 Hyundai Sonata Got ‘Nearly Everything Right’

How to Remove Memories in Google Photos

Open a Memory from the Google Photos app and tap the three-dot menu icon. Then select “Hide” and choose “Remove This Memory.” Google Photos resurfaces old photos and videos in an aptly named feature called “Memories.” However, not all memories are good memories, and you may not want to ...

View more: How to Remove Memories in Google Photos

The Best Hyundai SUVs for 2023: Midsize, Compact, and Crossover

Hyundai has some excellent SUVs in its lineup right now, all of which are reasonably priced to fit many budgets. The sport utility vehicles below come with Hyundai’s five-year/60,000-mile comprehensive coverage and 10 years/100,000 miles on key powertrain components. Here are three of the best Hyundai SUVs for 2023, packed ...

View more: The Best Hyundai SUVs for 2023: Midsize, Compact, and Crossover

Refreshed Mercedes CLA Gets Mild-Hybrid Technology

Both the ’24 Mercedes-Benz CLA and Mercedes-AMG CLA receive 48V electrical systems providing additional low-end horsepower.

View more: Refreshed Mercedes CLA Gets Mild-Hybrid Technology

Best Ways To Fix Slow Internet During VPN On Windows 11

Is your VPN slowing down your Internet connection on Windows 11? You’re not alone – many users experience the same issue. Having slow Internet while using a VPN can be incredibly frustrating, especially in the middle of a big project. Whether working from home or just trying to stream your ...

View more: Best Ways To Fix Slow Internet During VPN On Windows 11

Best free sports streaming apps in 2023

Cutting the cord on cable television is something tons of people have done over the past five years. But that hasn’t proven to be the smartest way to continue to watch sports. Whether it comes from premium sports website subscriptions to keep tabs on your favorite players, or even fantasy ...

View more: Best free sports streaming apps in 2023

New software for millions of BMW vehicles with the latest software upgrade

After six months, the Galaxy A41 gets a new security update

9 Best Fix: Windows Won’t Recognize Android Device

Which Is a Better Used Sedan: the 2020 Chevrolet Impala or the 2020 Nissan Maxima?

Galaxy Tab S6 Lite Wi-Fi gets One UI 5.0 as its last major update

2023 Alfa Romeo Tonale PHEV: full pricing and specs revealed

8 Best Smart Home Automation Apps for Android and iOS

4 Reasons to Avoid the 2023 Nissan Maxima

One UI 5.0 feature focus: Create home screen widget stacks

Will 5G Make Me Use More Cellular Data?

No Sound on Windows 11? Here Are 6 Ways How to Fix It!

2024 Alfa Romeo Tonale Gets Reasonable Starting Price

OTHER TECH NEWS

Top Car News Car News