Samsung, LG phones at risk of malware attacks


San Francisco, Dec 4 (IANS): Samsung and LG phones are reportedly at risk of malware attacks because of a leaked Android certificate.

An Android certificate was reportedly posted online, putting millions of devices at danger of malware attacks, reports Gizmochina.

Users of Samsung and LG devices as well as all smartphones with MediaTek chipsets are at risk of being attacked by this malware.

The leaked certificate could be used by malicious parties to install malware on users' smartphones.

Since the sign-in key has the highest level of OS (operating system) rights, hostile actors can inject malware without Google, the device's manufacturer, or the app developer ever knowing about it.

The bad actor might theoretically install malware while posing as a legitimate software update if users download the update from a third-party website.

According to Google, platform certificate refers to the application signing certificate used to sign the "android" application on the system image.

The extremely privileged user-id "android.uid.system" is used by the "android" software, which has access to user data in addition to other system permissions.

Any other programme that has the same certification as the Android operating system is granted the same level of access.

The Android Security Team has already informed the impacted businesses of the issue.

The tech giant also advised that the impacted businesses "rotate the platform certificate by replacing it with a new set of public and private keys."

Samsung has been aware of the problem for some time and has addressed the vulnerability, the report said.

 

  

Top Stories


Leave a Comment

Title: Samsung, LG phones at risk of malware attacks



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.