A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware.
Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. The post is just a list of the keys, but running each one through APKMirror or Google’s VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart’s Onn tablets.
This is a huge problem. The whole system of authentication rests on the assumption that signing keys are kept secret by the legitimate signers. Once that assumption is broken, all bets are off:
Samsung’s compromised key is used for everything: Samsung Pay, Bixby, Samsung Account, the phone app, and a million other things you can find on the 101 pages of results for that key. It would be possible to craft a malicious update for any one of these apps, and Android would be happy to install it overtop of the real app. Some of the updates are from today, indicating Samsung has still not changed the key.
More Stories
Major Online Platform for Child Exploitation Dismantled
An international law enforcement operation has shut down Kidflix, a platform for child sexual exploitation with 1.8m registered users Read...
CrushFTP Vulnerability Exploited Following Disclosure Issues
A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process Read More
HellCat ransomware: what you need to know
HellCat - the ransomware gang that has been known to demand payment... in baguettes! Are they rolling in the dough?...
Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware
The cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware Read More
Web 3.0 Requires Data Integrity
If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known...
Sensitive Data Breached in Highline Schools Ransomware Incident
Highline Public Schools revealed that sensitive personal, financial and medical data was accessed by ransomware attackers during the September 2024...