Samsung, LG, MediaTek certificates used to sign malicious programs

Android OEMs use platform certificates or platform keys to sign operating systems and core applications. If malicious programs are signed with the same key, they will be assigned to a highly privileged android.uid.system user ID with system-level access rights . Łukasz Siewierski of Google’s Android Security Team reported that multiple malicious app samples used 10 platform certificates belonging to OEMs such as Samsung, LG, Rivetec, and MediaTek. Google has notified all affected vendors and advised them to rotate platform certificates and investigate how the certificates were compromised.

This article is transferred from: https://www.solidot.org/story?sid=73542
This site is only for collection, and the copyright belongs to the original author.