Your Samsung or Xiaomi móvil inteligente could be at great risk due to security certificate leak.
He is API (Android Partners Vulnerability Initiative) is a division within Google plus responsible for discover security gaps are present in the operating system and related services, and report to google plus about them so you perro fix them.
Recently, one of its members has a report there will be one serious vulnerability present on the scene adding in great danger Devices from brands like Xiaomi, Samsung or LG, as well as those with a MediaTek processor.
Vulnerability results from a certificate exam used and discovered by these companies to sign system applications Threats exploit this leak sign malicious applications and attempt to perform various types of attacks.
Why are these certificates so important?
Android emplees, just like other operating systems security certificates used for sign the applications. These signatures are used, for example, to guarantee that the version of Android used by a device is legitimate or that the applications preinstalled in the system come from the device manufacturer itself.
Thanks to these signatures, Android perro save itself work perform other security checks when installing an aplicación. So if the system detects that the manufacturer’s signature was used, Android allows installation and grants the aplicación full permissions at the system level. Roughly speaking, a malicious application signed with one of these certificates would have the same access to the system as the process itself that is responsible for executing all operations in the Android operating system (this process is known as system android.iud).
Teléfonos inteligentes from Samsung, Xiaomi, LG or with a MediaTek processor are vulnerable to the threat
To date, they have already been found different types of software malicioso that emplees this type of certificate to infect Android devices. And that, although at the moment there is a complete list of Manufacturers whose certificates have been leakedIt is possible to find out that brands like Samsung, LG, MediaTek or Xiaomi are among those affected.
Google plus, for its part, has already warned manufacturers of the need exchange the documents used to create the signatures, and not to reuse the leaky ones. They are also recommended avoid if possible Use the certificates to sign third-party applications. In addition, he issued a statement informing that there are various security measures designed to prevent victims’ devices:
OEM partners quickly implemented remedial actions as soon as we reported the vulnerability. End users are protected by discounts from OEM partners. Google plus has implemented extensive software malicioso detection in the Build Test Suite that scans system images. Google plus Play Protect also detects software malicioso. There is no indication that this software malicioso is or has been in the Google plus Play Store. As always, we recommend users to ensure they are using the latest version of Android.
The first hints of the threat came in the May 2022. However, they were found active threats since 2016 who exploited this gap.
Beyond that, there isn’t much for users to do Always keep the Android version updated to the latest version available, as well as installing the available security patches. It is also recommended Prevent aplicación installation where possible from sources outside of Google plus Play.