The Certifi-Gate vulnerability for Androiod was discovered by its security researchers Check Point in an app available on the Google Play App Store.
The vulnerability, which allows an attacker to take remote control of an Android device, using the mobile devices Remote Support Tools (mRSTs) του, μπορεί να αξιοποιηθεί χρησιμοποιώντας εφαρμογές υποστήριξης από τους προμηθευτές όπως AnySupport, CommuniTake, RSupport, και TeamViewer.
Check Point, the company security who found this bug and presented it at the Black Hat USA 2015 conference in Las Vegas, also released an app – a scanner that detects an Android phone and reports whether their phone is vulnerable to the Certifi-Gate bug.
Ο this scanner already has 50.000 to 100.000 facilities and includes a telephone system that reports its results to Check Point staff.
According to the security team that has grouped all the items that have been found with 15,84% of scanned smartphones to have a vulnerable plugin (listed above) installed on the user's phone.
In addition, 42,09% of the phones were also vulnerable but without having any app installed with a vulnerable plugin on the device.
0.01% of scanned phones, which represent 3 phones, were found to be actively used by vulnerabilities.
Taking a closer look at the infected phones, Check Point's staff found out that the Recordable Activator Android app, an app distributed via the official Google Play Store, is blame.
The app has been downloaded from 100.000 to 500.000 times, although it has now moved away from Google Play.
The application is a simple screen recording as well as many similar apps and works with four user screen capture methods: via USB, through Android 5, via the root user, and through the TeamViewer plug-in.
According to Check Point researchers, "the Recordable Activator application bypasses the Android device's permission to use the TeamViewer plugin to gain system-level access and capture the device screen."
In accordance with The Register, the makers of the vulnerability, an English company with the name Invisibility Ltd, state that “the recording feature is primarily used by games that need recording to upload games to YouTube. "Hundreds of thousands of kids use this feature to upload their game to their YouTube channel."
Recordable Activator was used by older versions of the TeamViewer plugin in exactly the same way. "It did so in response to a user request… and informed the user in the same way that TeamViewer did," said Christopher Fraser, a spokesman for Invisibility Ltd.
The application does not seem to have harnessed a user's private assets for its own benefit but appears to have used Certifi-gate vulnerability to enhance its own capabilities without alerting and scaring users with pop-ups reporting about protection of the private life.
Seeing them data of Check Point collected by their scanner app, we also see that LG devices were the most vulnerable, followed by Samsung and HTC.
The three phones that are actively used by the vulnerability are Samsungs, but according to the diagram in general LG shows more vulnerable to Certifi-gate.
Sony devices appear to be the least vulnerable to all scanned chips.
