Check Point Certifi-gate: the incredible vulnerability of Android

A new vulnerability of Android (Certifi-gate) was discovered by Check Point security researchers. The researchers revealed vulnerability in Black Hat USA 2015, and reported that it allows an attacker to gain full remote control of a device using Mobile Remote Support Tools (mRSTs).Certifi-gate

These tools (mRSTs) have been added to Android to allow IT to detect bugs and problems without the need for device owners to go to a support center.

In other words, they allow the support staff to connect remotely, interact with the user's device, or implement patches.

But because mRSTs have system privileges, it makes them an ideal target for hackers.

The Check Point team analyzed the authentication methods used by mRSTs to validate a support application used by a remote location from IT departments and discovered they could easily disguise malicious agents as valid support requests. So they were able to carry out successful attacks that gave them system-level permissions on any device.

This allows hackers to access all phone features, which means they can block phone calls, capture messages, photos, install apps, and anything you can think of.

According to her research Check Point, Certifi-gate vulnerability has been found in the following support applications: AnySupport, CommuniTake, RSupport, and TeamViewer.

IS YOUR DEVICE AT RISK?
Download Certifi-gate scanner for Android App today to find out

Here are two videos that show vulnerability.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.098 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).