Skip to main content

Featured Post

AMD to invest $400 million in India by 2028: Here’s what we know

US chipmaker Advanced Micro Devices said on Friday it will invest around $400 million in India over the next five years and will build its largest design center in the tech hub of Bengaluru. AMD’s announcement was made by its Chief Technology Officer Mark Papermaster at an annual semiconductor conference that started Friday in Prime Minister Narendra Modi’s home state of Gujarat. Other speakers at the flagship event include Foxconn Chairman Young Liu and Micron CEO Sanjay Mehrotra. Despite being a late entrant, the Modi government has been courting investments into India’s nascent chip sector to establish its credentials as a chipmaking hub. AMD said it will open its new design centre campus in Bengaluru by end of this year and create 3,000 new engineering roles within five years. “Our India teams will continue to play a pivotal role in delivering the high-performance and adaptive solutions that support AMD customers worldwide,” Papermaster said. The new 500,000-square-foot (55,5...
1 comment
Read more
Labels

Leaked Android certificate leave millions of Samsung, LG phones vulnerable to malware

A major Android leak has left millions of devices across the globe vulnerable to malware. While the leak does not affect most Android devices on the planet, it does pose a problem for users of Samsung and LG smartphones and the devices powered by MediaTek chips.

For the unversed, an important part of how Android OS protect smartphones is the application signing process. This process ensures that all the software updates that are being delivered to users’ smartphones are coming from legitimate developers. To add another layer of security, this process requires a special sign-in key that is specific to the app developer and is always kept private.

Now, Łukasz Siewierski (via Mishaal Rahman), a Google employee and malware reverse engineer, has said that the certificates of several Android OEMs were leaked online. These keys can be used by malicious actors for injecting malware in users’ smartphone. which could have been used to inject malware into smartphones. What’s concerning is that this sign-in key has the highest level of OS privileges, which means that the malicious actor can inject malware without Google, the device maker or the app developer ever knowing about it. In theory, the malicious actor can inject the malware posing as a legitimate app update if users download the update from a third-party website.

“A platform certificate is the application signing certificate used to sign the “android” application on the system image. The “android” application runs with a highly privileged user id – android.uid.system – and holds system permissions, including permissions to access user data. Any other application signed with the same certificate can declare that it wants to run with the same user id, giving it the same level of access to the Android operating system,” Google wrote in a blog post.

Thankfully, all hope isn’t lost yet. The Android Security Team has already informed the affected companies about the issue. The tech giant has also advised the affected companies to ‘rotate the platform certificate by replacing it with a new set of public and private keys’.

“Additionally, they should conduct an internal investigation to find the root cause of the problem and take steps to prevent the incident from happening in the future,” the company added.

Furthermore, a report by XDA developers that Samsung has been aware of the issue for a long time and that it patched the vulnerability long ago. “We have issued security patches since 2016 upon being made aware of the issue, and there have been no known security incidents regarding this potential vulnerability,” the company said in a statement to the publication.

The post Leaked Android certificate leave millions of Samsung, LG phones vulnerable to malware appeared first on BGR India.



from BGR India https://ift.tt/sR8nL16
via IFTTT
Email Post
Labels:

Comments

Post a Comment

add