
Major security flaw endangers millions of Android phones: How to protect yourself


Application signatures are an Android security mechanism for ensuring the reliability of updates. Apps are signed with a private key that has an associated public certificate, which is used to check that updates come from the same origin as the installed app. This makes it possible to verify an update's origin and so protect against possible attacks.


What happened last week is that some of these Android certificates were leaked, and the creators of malware, that is, malicious programs that attack other devices, took advantage of the situation to sign malicious apps.

These certificates allow cybercriminals to access user data, because apps signed with them run with elevated permissions and privileges. Therefore, any malware-laden app signed with these certificates will be able to access the system in the same way.


The danger is that malicious applications are now more likely to be distributed as legitimate by pretending to be from real brands, such as Samsung or LG.

Android developers and vendors use these certificates to publish system applications, thereby verifying that the software is secure. The certificates grant varying degrees of permissions and access privileges depending on the level that has been assigned.

It was Mishaal Rahman, technical writer at Esper, who warned of the leak of some vendor certificates and their use to sign Android applications containing malware. Samsung is one of the manufacturers affected by the certificate leak, which is a serious security breach in its devices. LG is also affected (although it has since discontinued its cell phone business).

This security mechanism certifies that the application has not been modified. The problem is that malicious applications can now be certified as safe. These seemingly legitimate apps may actually be malware-laden apps that have the same level of access to basic Android services.

According to Mishaal Rahman, Google has recommended that all affected manufacturers use these certificates as little as possible and carry out an internal investigation. This could delay the arrival of new updates, although the consequences are not known at this time.

One of the recommendations for dealing with the security breach is to always download applications from the Google store or from the vendor's store. This is because the leak only affects apps that are downloaded and installed manually, not those that arrive wirelessly via OTA.

The discovery of the problem

Łukasz Siewierski, a reverse engineer in Google’s Android security team, posted a report on the Android Partner Vulnerability Initiative (APVI) issue tracker detailing the abuse of platform certificates to pass malicious apps off as legitimate.

A platform certificate, also called a platform key, “is the application signing certificate used to sign the ‘Android’ application in the system image. The “Android” application runs under a highly privileged user ID, android.uid.system, and has system permissions, including permissions to access user data,” Siewierski’s post reads.

The “Android” app runs with the highest system privileges, providing “system” permissions to access and modify user data. Any other application signed with this type of certificate, the researchers warned, can run with the same level of access to the operating system, data, and apps as Android.
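A defender can check for this condition by comparing each app's signing certificate against a list of known-leaked platform certificates. The sketch below is an added example, not code from Google, Siewierski or Esper: it parses the output of `apksigner verify --print-certs`, and it assumes the fingerprint list, the sample output and the `shared_user_id` / `preinstalled` inputs, all of which are constructed here.

```python
import re

# Constructed placeholder fingerprint. Real values must come from the vendor
# or Google advisory; this article does not list any.
COMPROMISED_SHA256 = {"aa" * 32}

# Line format printed by `apksigner verify --print-certs <apk>`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

def signer_digests(apksigner_output):
    """Return the lower-cased SHA-256 digest of every signer certificate."""
    return {d.lower() for d in DIGEST_RE.findall(apksigner_output)}

def assess(apksigner_output, shared_user_id=None, preinstalled=False):
    """Classify one APK as 'ok', 'review', 'critical' or 'unverified'."""
    digests = signer_digests(apksigner_output)
    if not digests:
        return "unverified"  # nothing parsed: do not report as clean
    if not digests & COMPROMISED_SHA256:
        return "ok"
    # Signed with a leaked platform key. An app that was not part of the
    # system image and asks to share android.uid.system is the worst case.
    if shared_user_id == "android.uid.system" and not preinstalled:
        return "critical"
    return "review"

def _sample(digest):
    # Constructed apksigner-style output for the demo below.
    return ("Signer #1 certificate DN: CN=Example Vendor\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

def run_demo():
    """Assess four constructed apps and return {name: verdict}."""
    leaked, other = "AA" * 32, "0b" * 32
    return {
        "sideloaded.fake.update": assess(_sample(leaked), "android.uid.system"),
        "vendor.settings": assess(_sample(leaked), "android.uid.system", True),
        "store.game": assess(_sample(other)),
        "broken.apk": assess("DOES NOT VERIFY\n"),
    }

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

Preinstalled vendor apps signed with a leaked key are reported as `review` rather than `critical`, since they stay legitimately signed with it until the manufacturer rotates the key.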

Google has notified all affected parties of the stolen or compromised certificates. According to a statement from Samsung regarding the issue, there have not yet been any known security incidents related to this potential vulnerability. Manufacturers reacted quickly and released security updates for their custom editions of Android as soon as Google flagged the key compromise.

What to expect for 2023: more attacks

In this context, several companies specializing in computer security are warning about the security problems that users may face.

An analysis by the consultancy Statista predicts that in 2023 the public cloud services market as a whole will grow by 21% compared to the previous year, led by the infrastructure as a service (IaaS) segment, which will grow by 30.5%. Platform as a service and desktop as a service will grow close to 24%, and software as a service nearly 18%.

On the other hand, the trend towards a hyper-connected and intelligent world will expand IoT networks (sensors and connected devices and infrastructures that collect, transmit and process data). A study predicts that the global IoT market will grow from $478 billion in 2022 to 2.465 billion by 2029, with a compound annual growth rate of 26% during the forecast period. This expands the attack surface.

Given these situations, both in Latin America and in the rest of the world, this concept is becoming more and more relevant and is considered one of the main priorities of any organization. It is anticipated that steps will be taken in the coming years to minimize the scale of attacks and avoid scenarios that put private information at risk.

The role of machine learning will expand. AI-enabled threat detection systems can predict new attacks and instantly notify administrators of data breaches.

There will also be further development of proactive cybersecurity practices such as penetration testing and vulnerability scanning: further steps are planned to ensure mobile devices are protected from external attacks.

For all of these reasons, it is essential to stay up to date with device security updates.

This Android flaw, however, clearly shows that even then you cannot be 100% sure.

SL

Source: Clarin
