The team disclosed its findings during a briefing session at Black Hat USA 2015 in Las Vegas, NV yesterday. It’s a security flaw sent to Android phones by text message that lets hackers take over your phone.
Advertisement
Certifi-gate is a set of vulnerabilities present in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on an Android device. According to them, it affects hundreds of millions of Android devices from many manufacturers including Samsung Electronics, LG Electronics, HTC, Huawei Technologies and ZTE.
Android offers no way to revoke the certificates that are providing privileged permissions, the researchers noted. “Left unmatched, and with no reasonable workaround, devices are exposed right out of the box”. Check Point told IBTimes UK ahead of its Black Hat presentation that it is yet to see the vulnerability being exploited in the wild, but that the bug could nonetheless be “very easily exploited”, should a hacker wish to do so.
The Certifi-gate vulnerability permits purposes to realize illegitimate privileged entry rights which might be usually used to help distant purposes, in response to Check Point.
The flaw, uncovered by security firm Check Point and dubbed “Certifi-gate”, resides in the mobile Remote Support Tools (mRSTs) installed in Android by device manufacturers and network operators to provide technical assistance to users.
Google spoke with Engadget regarding the vulnerability, stating, “We want to thank the researcher for identifying the issue and flagging it for us”. The issue they’ve detailed pertains to customisations OEMs make to Android devices and they are providing updates which resolve the issue.
The root causes of these vulnerabilities include hash collisions, IPC abuse and certificate forging, which allow an attacker to grant their malware complete control of a compromised device. “We strongly encourage users to install applications from a trusted source, such as Google Play” the spokesperson added.
The Company today launched Check Point Mobile Threat Prevention, a new mobile security solution enterprises can use to battle the evolving mobile threat environment and to detect threats such as Certifi-gate, malicious apps, Man-in-the-Middle attacks and more. However the team warns that “Certifi-gate” cannot be fixed, and can only be updated when a new software build is pushed to the device, which is often a notoriously slow process.
They work by accessing small components that come baked into the operating system when you buy your phone.
Advertisement
Samsung did not immediately respond to a request for comment about the remote support tool issue, but the company announced Wednesday that it plans to start releasing monthly security updates for its Android devices.
