A new leak of brand certificates give malware a free hand on Android

’s system has its pros and cons. One of its cons is that it is susceptible to malicious attacks due to its “open nature”. Presently, Google and its Android device partners have a serious problem. Hackers or other malicious forces have published the certificates of various hardware brands. This creates a massive security risk.  employee and security expert Lukasz Siewierski and his team came across cases in which the platform certificates of certain devices or hardware brands had been made public. These brand certificates are typically used to sign system apps provided by OEMs and their hardware suppliers to prove their authenticity and that they are not malware. Thus, if these certs are in the public, any malware can appear as authentic.

Gizchina News of the week

Brand certificates from Samsung, LG & MediaTek are in circulation

Brand certificates from the two South Korean companies, and LG are alleged to be in circulation.  There are also claims that the certificate of MediaTek is also in the public. Siewierski and his team claim to have already discovered some of the first malware apps that were signed with official brand certificates. These apps are already on the internet. In theory, brand certificates give malware vendors the ability to disguise their malware apps as official system apps.

dismisses report

In an official statement, had a swift response to the claims. The company claims that there are measures in place to tackle such issues. It is unclear how large the number of devices at risk is. But if this is true, it is likely to run into billions. However, Google as the driving force behind claims that most Android users should already be protected.

brand certificates

So far, there have been no cases in which malware signed with one of the leaked platform certificates has made it into the official Play Store. In addition, the Group’s systems recognize and filter the relevant malware across the board. However, it should be different if you sideload apps from unknown sources onto your device, since there is no security check in this case.

Source/VIA :

Via: gizchina.com

Share with friends:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More Stories: