Pierluigi Paganini August 10, 2015

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them.

Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently discovered a new vulnerability dubbed Certifi-Gate which could be exploited by hackers to control a mobile device by using a pre-installed plugin in Android devices.

You may know that almost all manufacturers pre-install “Remote Support Tool (mRST)” plugins in order to aid users to use tools such TeamViewer, RSupport, etc etc.

What this vulnerability does is using the mRTS plugin as entry point for “bad” applications that can control the mobile device, even if it is not rooted.

Researchers at Check Point explained that the “Certifi-Gate” vulnerability lies in the way manufacturers of Android devices use certificates to sign the mRST tools.

Another problem is that even if your phone is not rooted, this type of applications have root level access, so easily can gain access to:

• screen scraping
• keylogging
• exfiltrating private information
• installing malware apps, and more

As said before, this vulnerability affects millions of Android users, and the sad part about it is that users cannot uninstall the mRST plugin because it’s part of the core system.

“An attacker can exploit mRATs to exfiltrate sensitive information from devices such as location, contacts, photos, screen capture, and even recordings of nearby sounds.”

“While analyzing and classifying mRATs, our research team found some apps share common traits with mRST. Known mRAT players include HackingTeam, mSpy, and SpyBubble.” reports the Check Point’s paper. 

Ho to verify if the mobile device is vulnerable?

Check Point has released a mobile app that can be found here:

https://play.google.com/store/apps/details?id=com.checkpoint.capsulescanner

The app detects if your android phone is vulnerable or not to the Certifi-Gate vulnerability, and shows if the mobile was already hit by attackers.

Since Android manufacturers are known to take time in releasing patching to the users, this many take some time until is fixed.

Check out the videos:

Edited by Pierluigi Paganini

(Security Affairs – Certifi-Gate, Android)