Following the return of the SharkBot malware to Android, we are once again referring to the world of computer security on these pages. Indeed, some OEM certificates would be made public.
As reported by Gizchina And ArsTechnicasome hackers would have managed to get hold of certificates related to Samsung and LG, but there could also be issues relating to MediaTek, even if in the latter case the rumors are less widespread. In any case, the basis of the matter is the Google security expert Lukasz Siewierski, who with his team claims to have had the opportunity to verify that some of these certificates would be public.
For the uninitiated, such certificates (or keys) are usually used to sign system applications Android-related OEMs. Therefore, reference is made to a method of verifying the authenticity of software and indicating that it is not malware. Understand well, in short, that in the hands of the bad guys everything can be a possible security problem.
In fact, this way hackers could potentially sign a malware app to make it look “authentic”. To be clear, a malicious update of a classic app from one of the large companies involved could potentially be seen as “normal” by the system. Siewierski and his team said they have already found some malicious apps that would make use of this method, as the first bad guys are already trying to “disguise” the malware as official system apps.
It must be said though that Google responded to the matter through an official statement, stating that measures are already in place to prevent potential security problems. It also seems that no app of this type has currently managed to pass the Play Store checks. The main source of security problems could therefore be the installation of APK files from external sources, which is now more dangerous in terms of computer security.
There was also a response from Samsungarrived at the microphones of XDA Developers: “Samsung takes the security of Galaxy devices seriously. We have been releasing security patches since 2016 after being notified of the issue. There are no known security incidents related to this potential vulnerability. We always advise users to keep their devices up-to-date with the latest software updates“. In short, at least as far as Samsung is concerned, reference would be made to an outdated certificate.