Google’s Project Zero security team reported a severe vulnerability for android users. This security breach has left millions of users worried worldwide. It impacted smartphones of companies like LG, Samsung and others which are powered by MediaTek chipset.
This was reported by Lukasz Siewierski (via Mishaal Rahman) who is a Google employee and a malware reverse engineer. He says “Applications signed with the platform certificate may declare that they want to share uid with the ‘android’ application, giving them the same set of permissions without user input.”
It means that he noticed that many platform certificates are being used in order to sign malware. The certificates have been leaked which can reach hackers. He says it is used to sign the android application on the system image. The application runs with high privileged user id and holds permission related to system and user data access.
These certificates are used to verify applications as well. Another application that is signed using the same certificate is to run the same user id. If these certificates are exploited by hackers, then they can manipulate apps while still making them seem to look the same.
Affected companies have already been informed about this issue by the Android Security Team. They advised the companies to rotate the platform certificate by replacing it with a new set of public and private keys.
Such issues were first reported back in May 2022 in Samsung according to a report by XDA Developers. While some companies like Samsung took remediation measures to minimize the user impact and claimed that there were no other known security incidents regarding this possible vulnerability.
The other companies are now awaited to fix this issue and ensure a safe and smooth user experience. To ensure safety developers have to sign a unique sign-in key which is always kept to add an extra layer of protection.