A New Vulnerability – Certifi-gate,Could Allow Hackers To Take Complete Control Of Android Devices

A New Vulnerability – Certifi-gate,Could Allow Hackers To Take Complete Control Of Android Devices

[Infographic] Top Android Apps that Drain Battery and Use Up all your Data and Storage
Hidden code in Android Nougat will stop ransomware from resetting lockscreen passwords
Top 15 Best Android Hacking Apps for Script Kiddies and Security Experts | 2016 List
According to smartphone astrology,this month is really bad for your Android devices.After “Stagefright“, a new vulnerability has been detected in android OS.Check Point-the security experts,recently disclosed its findings at a briefing session at Black Hat USA 2015 in Las Vegas.

The new threat, dubbed “Certifi-gate”, is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device.mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.

Check Point researchers examined the verification methods by which trusted components of the mRSTs validate remote support applications, and discovered numerous faulty exploitable implementations of this logic. This allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.

The company claims that it affects devices made by major manufacturers including LG, Samsung, HTC, and ZTE. Worse still, it’s not just that hundreds of millions of smartphones and tablets are liable to attack.The researchers have reported their findings to the respective vulnerable OEMs and Google but have warned that no patch can fix this bug as existing Android systems cannot revoke the security certificates and permissions of the suspected apps and only a new software build will resolve the issue. Unfortunately it is often a “notoriously slow process” as it has always been the case with Android devices.