A major security breach has led to the creation of "trusted" malware applications that can gain access to the entire operating system Android. Devices from Samsung, LG and other manufacturers are vulnerable.
As pointed out by a security expert and developer Lukasz Siewierski, Google's security initiative Android Partner Vulnerability Initiative (APVI) publicly she revealed a new exploit that makes devices from Samsung, LG, Xiaomi and other manufacturers vulnerable. The crux of the problem is that these manufacturers have leaked their signing keys for Android. The signing key is used to ensure that the version Androidu running on your device is legitimate, created by the manufacturer. The same key can also be used to sign individual applications.
Android it is designed to trust any application signed with the same key used to sign the operating system itself. A hacker with these application signing keys could use the "shared user ID" system Androidu to grant full system-level permissions to the malware on the affected device. This would allow an attacker to access all the data on the affected device.
Gallery
It is worth noting that this vulnerability does not only occur when installing a new or unknown application. Since these leaked keys AndroidIn some cases, signing of common applications is also used, including the Bixby application on some phones Galaxy, an attacker could add malware to a trusted application, sign the malicious version with the same key, and Android would trust it as an "update". This method would work regardless of whether the app originally came from the Google Play stores and Galaxy Store or has been sideloaded.
According to Google, the first step to fixing the problem is for the affected company to replace (or "turn") theirs androidov signing keys. In addition, the software giant has urged all smartphone manufacturers with its system to drastically minimize the frequency of using keys to sign apps.
You could be interested in
Google says that since the issue was reported in May of this year, Samsung and all other affected companies have already "taken corrective measures to minimize the impact of these major security breaches on users." However, it is not entirely clear what exactly this means, as some of the vulnerable keys according to the site APKMirror in the last few days he used v androidSamsung applications.
Google noted that the device with Androidem are protected against this vulnerability in several ways, including the Google Play Protect security feature. He added that the exploit did not make it to apps distributed through the Google Play store.
So vulnerable that nothing happened to ki in her life. This is just bullshit.