Certifi-gate: Hundreds of millions of Android devices vulnerable to stealth unrestricted access

Check Point today released details about Certifi-gate, a previously unknown vulnerability in the architecture of popular mobile Remote Support Tools (RSTs) used by virtually every Android device manufacturer and network service provider. The Check Point mobile threat research team disclosed its findings at a briefing session at Black Hat USA 2015 in Las Vegas, NV this morning.

Certifi-gate is a set of vulnerabilities in the authroization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.

Check Point researchers examined the verification methods by which trusted components of the mRSTs validate remote support applications, and discovered numerous faulty exploitable implementations of this logic. This allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.

Vulnerable components of these 3rd party mRSTs are often pre-loaded on devices or included as part of a manufacturer or network provider’s approved software build for a device. This creates significant difficulty in the patching process and makes affected components impossible to remove or to work around.

Read more in the full article here.

Source: Check Point

MacDailyNews Take: Well, fragmandroid certainly is “open,” isn’t it?

“If it’s not an iPhone, it’s not an iPhone.” Which is a nice way of saying: Get a real iPhone, dummy!

SEE ALSO:
Malformed video files can be used to crash half of all Android phones – July 30, 2015
Security journalist: Goodbye, Android, hello Apple iPhone! – July 29, 2015
950 million Android phones can be hijacked by malicious text messages – July 27, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013

22 Comments

            1. Not sure what you meant by ‘no USB’ all 3 Galaxy S6 models support USB connectivity and the S6 and S6 edge can also be USB hosts. I simply made a point that Samsung DOES offer new models with SD card support to remedy your blanket statement to the contrary..

  1. There are thousands of vulnerabilities, thousands of malware titles right inside the Google Play store, and every week, we hear of a new one.

    What Android platform is missing, though, it one major severe, debilitating outbreak, as was Melissa on Windows (or some similar, as there were many). All this is great to discuss, but it would be extremely convenient to not have to endlessly argue the fine points of Android vs. iOS security academically, but instead have a simple and obvious example.

    I am anxiously awaiting a major malware outbreak that will materially affect millions of Android phones, with high-profile celebrity protests and major news coverage. This would help significantly more than all this academic discussion about vulnerabilities, malware and security.

    I am really surprised it hasn’t yet happened.

    1. General population knows next to nothing about all these vulnerabilities and security issues of the Android platform. We can be smug all day long, but most people are truly clueless. The only way the world will learn is to experience it themselves — to be hurt by it in a real, practical way.

      Bricking the phones, or somehow disabling most of their essential functions, by some self-spreading malware, would be the most efficient way of teaching the unawashed Android masses about the (lack of) security of their devices.

    2. What is astonishing is that some script kiddy group hasn’t slapped an Android virus together on a cute one trick pony app that a lot of people want which spreads like wildfire and simply takes down phones through poor coding.

  2. In the past, Google was able code a fix for the vulnerabilities, but it took several months, if ever, for those patches to reach users. With this new exploit it is nearly impossible to code a universal fix. Ouch.

    “Vulnerable components of these 3rd party mRSTs are often pre-loaded on devices or included as part of a manufacturer or network provider’s approved software build for a device. This creates significant difficulty in the patching process and makes affected components impossible to remove or to work around.”

    1. If deemed serious enough by carriers perhaps they can notify users on how to disable the proper App/Service.. Might not be able to remove it from device memory but there are ways to prevent it from running or being displayed normally.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.