Shulou(Shulou.com)11/24 Report--

CTOnews.com Dec. 3-A new post on Google's Android Partner Vulnerability Project (APVI) website exposes a security vulnerability affecting millions of Android devices. Hackers can exploit this vulnerability to implant malware in Samsung, LG, Xiaomi and many other OEM brand phones. And these malware can gain the highest privileges at the system level.

CTOnews.com understands that the key to this security vulnerability is platform certificates. Google employee and malware reverse-engineer <$ukasz Siewierski first spotted the certificate problem, saying that these certificates or signature keys determine the legitimacy of Android versions on devices. Vendors also use these certificates to sign applications.

While Android assigns each app a unique user ID (UID) at installation time, apps that share a signature key can also have a shared UID and access each other's data. By this design, applications signed with the same certificates as the operating system itself can gain the same privileges.

The key to the problem is that some OEMs 'Android platform certificates are leaked to the wrong people. These certificates are now abused to sign malicious apps, giving them the same permissions as Android. These applications can gain system-level privileges directly on affected devices without interacting with users. So once an Android device is infected, it can get all the data without the user knowing it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.