
These aren't Google's keys. They are vendor-specific keys (e.g. Samsung's) used to sign their releases.


The bug doesn't mention any vendor; rather, the bug specifies "Partner-Multiple". Seen reports elsewhere that point to a particular vendor?


It's not hard to figure out which vendors are affected. Just search for the SHA256 hash of each malware sample on VirusTotal.

e.g. https://www.virustotal.com/gui/file/b1f191b1ee463679c7c2fa7d...


Search Google for the certificate SHAs. Most don't result in anything but this report, but one is for Samsung and another for LG.



