Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned

Checkpoint ^ | August 6, 2015 | by Check Point Research Team

[Swordmaker]

Check Point today released details about Certifi-gate, a previously unknown vulnerability in the architecture of popular mobile Remote Support Tools (RSTs) used by virtually every Android device manufacturer and network service provider. The Check Point mobile threat research team disclosed its findings at a briefing session at Black Hat USA 2015 in Las Vegas, NV this morning.

What is Certifi-gate?
Certifi-gate is a set of vulnerabilities in the authroization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.

How does Certifi-gate make my device vulnerable?
Check Point researchers examined the verification methods by which trusted components of the mRSTs validate remote support applications, and discovered numerous faulty exploitable implementations of this logic. This allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.

What devices are at risk?
Vulnerable components of these 3rd party mRSTs are often pre-loaded on devices or included as part of a manufacturer or network provider’s approved software build for a device. This creates significant difficulty in the patching process and makes affected components impossible to remove or to work around.

Check Point has also made available a scanner app that can determine whether your device is vulnerable to Certifi-gate. Click here to download the scanner app from Google Play.

http://blog.checkpoint.com/wp-content/uploads/2015/08/TeamViewer.mp4

Above: Example of Check Point-built “malicious app” using Team Viewer plugin to gain access to an Android device; Below: Example of the same using the Communi-Take plugin.

http://blog.checkpoint.com/wp-content/uploads/2015/08/CommuniTake.mp4

[Swordmaker]

hundreds of millions of Android devices are at risk to the Certifi-Gate vulnerability which can Pwn your Android phone or tablet. — PING!

Android devices PWNED
Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Swordmaker]

for your ping lists. . . Android vulnerability that may or may not get patched.

[Responsibility2nd]

WHAT???

My Samsung Galaxy S5 can be hacked with Obama’s phony birth certificate?

Damn that sneaky Kenyan.

[Responsibility2nd]

Ohhh. Certifi-gate.

(doing best Emily Latella impersonation....)

Never Mind.

[sauropod]

bfl

[RayChuang88]

I believe that Google may push out a fix for this bug for the Google Nexus phones and any phone that runs the Google Play version of Android. The Motorola Moto X and G phones may get the fix pretty quickly, too.

[Swordmaker]

My Samsung Galaxy S5 can be hacked with Obama’s phony birth certificate?

Damn that sneaky Kenyan.

ROTFLMAO!

[dayglored]

Android vulnerability -- check your phone with the link in the article ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Swordmaker for the ping!!

[Lurkina.n.Learnin]

Mine says I’m good to go.

[Abby4116]

It says my BLU phone is safe.

[Excellence]

Thanks for the heads up.