Leaked certificates leave millions of smartphones at the risk of being hacked
Leaked Android certificate left millions on Android device at the risk of malware attack. This vulnerability concerns one of the most popular smartphone brands.
Millions of Android devices around the world are now vulnerable to the malware as a result of a significant leak. The majority of Android devices on the planet are unaffected by the leak, however, this leak concerns Samsung and LG smartphones and the devices powered by MediaTek chipsets.
Samsung, LG and MediaTek powered smartphones are at severe risk of malware due to leaked Android certificate
As reported by Lukasz Siewierski, who is Google employee and malware reverse engineer that various Android vendors certificates were leaked. As these certificates is available to public, hackers might use them to install malware on smartphone users.
With using keys of the greatest level of OS rights from the certificates, malignant hackers can insert malware on these smartphones without Google, manufacturer of device or app developer. That is, if users download a update from a third-party website, these hackers can inject malwares as if it is a legal all update.
Folks, this is bad. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps! https://t.co/lhqZxuxVR9
— Mishaal Rahman (@MishaalRahman) December 1, 2022
As stated by Mishaal Rahman and Siewierski, this leak concerns Samsung, LG and MediaTek powered smartphones at the moment. However, affected vendors have alerted the issue to the Android Security team. Vendors will most probably release Android security patch for their smartphones soon.
