A New Vulnerability – Certifi-gate,Could Allow Hackers To Take Complete Control Of Android Devices

According to smartphone astrology,this month is really bad for your Android devices.After “Stagefright“, a new vulnerability has been detected in android OS.Check Point-the security experts,recently disclosed its findings at a briefing session at Black Hat USA 2015 in Las Vegas.

The new threat, dubbed “Certifi-gate”, is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device.mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.

Check Point researchers examined the verification methods by which trusted components of the mRSTs validate remote support applications, and discovered numerous faulty exploitable implementations of this logic. This allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.

The company claims that it affects devices made by major manufacturers including LG, Samsung, HTC, and ZTE. Worse still, it’s not just that hundreds of millions of smartphones and tablets are liable to attack.The researchers have reported their findings to the respective vulnerable OEMs and Google but have warned that no patch can fix this bug as existing Android systems cannot revoke the security certificates and permissions of the suspected apps and only a new software build will resolve the issue. Unfortunately it is often a “notoriously slow process” as it has always been the case with Android devices.

TechLog360 Publishes Latest Tech News,Hacking News,Security and Privacy Tips,Tech Hacks,How To Guides and Lots More. Its All About Science &Technology


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream