Forget Stagefright, Certifi-Gate vulnerability allows for complete remote control of Android phones
There have been numerous stories in recent days about the threat posed by Stagefright to Android users. A more serious threat has been revealed at Black Hat USA 2015, however -- one that affects hundreds of millions of Android devices. Known as Certifi-gate, a vulnerability has been found in Remote Support Tools which could allow for hackers to take full control of phones.
The security issue was discovered by Check Point, who has notified handset manufacturers of the vulnerability, and launched an app that you can use to see if your handset is affected. Stagefright led to many handset manufacturers announcing a switch to monthly security updates, and some have already issued a fix for Certifi-gate. However, it seems that HTC is a little slow off the mark this time around, particularly when it comes to patching newer phones.
In a statement to CBS News, HTC said: "Working with Google, HTC has already begun rolling the fix into our software, and we will deliver these updates first to the HTC One M9 and the newest HTC Desire products." Check Point has released a full report into Certifi-gate, but if your Android device is found to be vulnerable, there is very little that you can do about it.
Patching is made difficult due to the fact that mobile Remote Support Tools are often pre-loaded onto handset. This means that they cannot be easily removed, and updates can only really be gained through the manufacturer.
Explaining the vulnerability, Check Point says:
Certifi-gate is a set of vulnerabilities in the authroization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.
Check Point researchers examined the verification methods by which trusted components of the mRSTs validate remote support applications, and discovered numerous faulty exploitable implementations of this logic. This allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.
You can download a free copy of the Certifi-gate Scanner app from Google Play to check the status of your phone or tablet.