Y
Hacker News
new
|
ask
|
show
|
jobs
by
hn_throwaway_99
1297 days ago
These aren't Google's keys. They are vendor-specific keys (e.g. Samsung's) used to sign their releases.
1 comments
whizzter
1297 days ago
The bug doesn't mention any vendor, rather the bug specifies "Partner-Multiple", seen reports elsewhere that points to a particular vendor?
link
MishaalRahman
1297 days ago
It's not hard to figure out which vendors are affected. Just search for the SHA256 hash of each malware sample on VirusTotal.
eg.
https://www.virustotal.com/gui/file/b1f191b1ee463679c7c2fa7d...
link
jvolkman
1297 days ago
Search google for the certificate SHAs. Most don't result in anything but this report, but one is for Samsung and another for LG.
link