Millions of Samsung, LG, other Android phones left vulnerable because of major security leak
Hundreds of thousands of Android smartphones have been rendered vulnerable after a major security leak paved the way for a “trusted” malware programme to run amok, affecting devices from Samsung, LG, Xiaomi, and others. According to a malware reverse engineer at Google, citing a Google Android Partner Vulnerability Initiative (APVI) report, the new vulnerability could allow a malicious attacker to gain system-level permissions on an affected device, making it prone to attack.
Łukasz Siewierski, the engineer, shared the findings of APVI on Twitter. The report notes that the platform signing keys of multiple Android OEMs have been leaked outside of their respective companies. By design, Android trusts any app signed with the same key that is used to sign the operating system. This key ensures that the version of Android running on a device is legitimate and is created by the manufacturer. The same key is used to sign individual apps.
Since the keys of multiple Android OEMs are now available to miscreants, they could use those app-signing keys to access Android’s “shared user ID” system and give the malware programme full, system-level permissions on an affected device. In other words, attackers could gain access to all the data on an affected device because of the vulnerability.
The report further mentioned that this Android vulnerability is not limited to new or unknown apps but also extends to system apps, because the leaked keys could be used to sign common apps, such as the Bixby app on at least some Samsung phones. An attacker could add malware to a trusted app and sign it with the leaked key to make it look authentic so that Android trusts it as an update. As 9to5Google noted, this method would work regardless of whether an app came originally from the Play Store, Samsung’s Galaxy Store, or was sideloaded to the phone.
The APVI report does not list which OEMs were affected, but it contains the hash of example malware files. Uploading these samples to VirusTotal revealed that these keys could belong to companies such as Samsung, LG, MediaTek, Revoview, and szroco, which manufactures Walmart’s Onn tablets.
Google’s full disclosure mentions that all OEMs have been informed of the vulnerability since it was reported back in May 2022. These smartphone brands have already “taken remediation measures to minimise the user impact” of security leaks like this. But according to APKMirror, some of the vulnerable keys were used in Android apps by Samsung in the last few days.
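For defenders auditing an app inventory, the trust relationship described above (signing key plus shared user ID) can be checked mechanically. The Python below is an added example, not code from the APVI report or the original article: it parses the output of `apksigner verify --print-certs` and flags APKs signed with a certificate on a compromised list. The fingerprint, package names and function names are constructed placeholders and assumptions.

```python
import re

# Constructed placeholder, NOT a real leaked certificate. Replace with the
# SHA-256 digests of platform certificates your OEM reports as compromised.
COMPROMISED_CERTS = {"a1" * 32}

# Matches the per-signer digest lines printed by `apksigner verify --print-certs`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

def signer_digests(print_certs_output):
    """Return the set of lowercase signer SHA-256 digests found in the output."""
    return {d.lower() for d in DIGEST_RE.findall(print_certs_output)}

def triage(package, shared_user_id, print_certs_output,
           compromised=COMPROMISED_CERTS):
    """Classify one APK as ok / review / critical / error, with a reason."""
    digests = signer_digests(print_certs_output)
    if not digests:
        return ("error", f"{package}: no signer certificate found, treat as unverified")
    if not digests & compromised:
        return ("ok", f"{package}: signer not on the compromised list")
    # Signed with the platform key AND asking to share the system UID:
    # Android would run this app with system-level permissions.
    if shared_user_id == "android.uid.system":
        return ("critical", f"{package}: compromised key with system shared UID")
    # Still dangerous: Android would accept it as an update to any app
    # signed with the same key.
    return ("review", f"{package}: compromised key, would pass as a trusted update")

def scan(inventory):
    """Return only the findings that need attention, most severe first."""
    order = {"critical": 0, "review": 1, "error": 2}
    results = [triage(*app) for app in inventory]
    return sorted((r for r in results if r[0] != "ok"), key=lambda r: order[r[0]])

def _certs(digest):
    # Constructed sample of apksigner output for a single signer.
    return (f"Signer #1 certificate DN: CN=Constructed Sample\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

# Constructed inventory: (package, android:sharedUserId or None, apksigner output)
SAMPLE_INVENTORY = [
    ("com.example.assistant", "android.uid.system", _certs("A1" * 32)),
    ("com.example.gallery", None, _certs("a1" * 32)),
    ("com.example.notes", None, _certs("b2" * 32)),
    ("com.example.broken", None, "DOES NOT VERIFY\n"),
]

if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_INVENTORY):
        print(severity.upper(), reason)
```

The `sharedUserId` value has to be read from each APK's manifest separately; the example takes it as an input.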
The post Millions of Samsung, LG, other Android phones left vulnerable because of major security leak appeared first on BGR India.