It seems like it’s been days since we heard of the last major Android hack. Well wait no longer! Check Point today reported a really fun new exploit dubbed Certifi-gate!
What does it do?
Certifi-gate allows the bad guys to take complete control of an Android phone! They can watch what you do, or simply take over from you!
How does it work?
Well, there’s a vulnerability, see? And this vulnerability lies in the mobile Remote Support Tool. This tool is what OEMs preinstall on devices so that they can offer tech support to users, giving the support staff the ability to replicate the phone’s screen on a remote device and operate the phone remotely. The problem is, this vulnerability allows malicious apps, and therefore malicious people, to take control of this tool, and therefore, total control of the phone! How fun!
Engadget reports that most OEMs have released a patch to fix the vulnerability. However, this is Android, and we know that most of these phones will remain unpatched as users wait for their carriers to send it out to them.
Google released a statement:
“in order for a user to be affected, they’d need to install a potentially harmful application which we continually monitor for with VerifyApps and SafetyNet. We strongly encourage users to install applications from a trusted source, such as Google Play.”
Of course! You’ll be safe with Google Play! Although it wasn’t too long ago that it was discovered some very popular apps on Google Play were in fact undercover porn clickers. Additionally, Check Point made it clear that with this vulnerability, an app could look legitimate and have no issues passing Google Play’s security checks.
Want an evil-doer to take control of your phone while you watch helplessly at the phone in your hand? Well it appears there’s an app for that.