Η ευπάθεια Certifi-Gate για Androiod ανακαλύφθηκε βρέθηκε από τους ερευνητές ασφάλειας της Check Point σε διαθέσιμη εφαρμογή στο Google Play App Store.
The vulnerability, which allows an attacker to take remote control of an Android device, using the mobile devices Its Remote Support Tools (mRSTs) can be leveraged using support applications from vendors such as AnySupport, CommuniTake, RSupport, and TeamViewer.
Check Point, the security company that found this error and presented it at the Black Hat USA 2015 conference in Las Vegas, also released an application scanner that detects an Android phone and reports whether its phone is vulnerable to the Certifi-Gate bug.
Ο this scanner already has 50.000 to 100.000 facilities and includes a telephone system that reports its results to Check Point staff.
According to the security team which has grouped all the data, που έχουν βρεθεί το 15,84% των σαρωμένων smartphones να έχουν ένα ευάλωτο plugin (από αυτά που αναφέρονται παραπάνω) που έχει εγκατασταθεί στο τηλέφωνο του χρήστη.
In addition, 42,09% of the phones were also vulnerable but without having any app installed with a vulnerable plugin on the device.
0.01% of scanned phones, which represent 3 phones, were found to be actively used by vulnerabilities.
Taking a closer look at the infected phones, Check Point's staff found out that the Recordable Activator Android app, an app distributed via the official Google Play Store, is blame.
The app has been downloaded from 100.000 to 500.000 times, although it has now moved away from Google Play.
The application is a simple screen recording as well as many similar apps and works with four user screen capture methods: via USB, through Android 5, via the root user, and through the TeamViewer plug-in.
According to Check Point researchers, "the Recordable Activator application bypasses the Android device's permission to use the TeamViewer plugin to gain system-level access and capture the device screen."
In accordance with The Register, the makers of the vulnerability, an English company with the name Invisibility Ltd, αναφέρουν ότι “η δυνατότητα εγγραφής χρησιμοποιείται κατά κύριο λόγο από τα παιχνίδια που χρειάζονται την καταγραφή για να ανεβάζουν στο YouTube τα παιχνίδια. Εκατοντάδες χιλιάδες παιδιά χρησιμοποιούν την δυνατότητα αυτή για να ανεβάζουν το παιχνίδι τους στο channel them on YouTube”.
Recordable Activator was used by older versions of the TeamViewer plugin in exactly the same way. "It did so in response to a user request… and informed the user in the same way that TeamViewer did," said Christopher Fraser, a spokesman for Invisibility Ltd.
The application does not seem to have harnessed a user's private assets for its own benefit but appears to have used Certifi-gate vulnerability to enhance its own capabilities without alerting and scaring users with pop-ups reporting about protection of the private life.
Seeing the Check Point data collected by their scanner application, we also see that LG devices were the most vulnerable, followed by Samsung and HTC.
The three phones that are actively used by the vulnerability are Samsungs, but according to the diagram in general LG shows more vulnerable to Certifi-gate.
Sony devices appear to be the least vulnerable to all scanned chips.
