Skip Navigation

Missing signs: how several brands forgot to secure a key piece of Android

rtx.meta.security Missing signs: how several brands forgot to secure a key piece of Android

We recently discovered that Android devices from multiple major brands sign APEX modules—updatable units of highly-privileged OS code—using private keys from Android’s public source repository. Anyone can forge an APEX update for such a device to gain near-total control over it. Rather than negligen...

4
4 comments