Certifi-Gate, a new Android flaw allows hackers to control your mobile

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them.

Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently discovered a new vulnerability dubbed Certifi-Gate which could be exploited by hackers to control a mobile device by using a pre-installed plugin in Android devices.

You may know that almost all manufacturers pre-install “Remote Support Tool (mRST)” plugins in order to aid users to use tools such TeamViewer, RSupport, etc etc.

What this vulnerability does is using the mRTS plugin as entry point for “bad” applications that can control the mobile device, even if it is not rooted.

Researchers at Check Point explained that the “Certifi-Gate” vulnerability lies in the way manufacturers of Android devices use certificates to sign the mRST tools.

Another problem is that even if your phone is not rooted, this type of applications have root level access, so easily can gain access to:

screen scraping
keylogging
exfiltrating private information
installing malware apps, and more

As said before, this vulnerability affects millions of Android users, and the sad part about it is that users cannot uninstall the mRST plugin because it’s part of the core system.

“An attacker can exploit mRATs to exfiltrate sensitive information from devices such as location, contacts, photos, screen capture, and even recordings of nearby sounds.”

“While analyzing and classifying mRATs, our research team found some apps share common traits with mRST. Known mRAT players include HackingTeam, mSpy, and SpyBubble.” reports the Check Point’s paper.

Ho to verify if the mobile device is vulnerable?

Check Point has released a mobile app that can be found here:

https://play.google.com/store/apps/details?id=com.checkpoint.capsulescanner

The app detects if your android phone is vulnerable or not to the Certifi-Gate vulnerability, and shows if the mobile was already hit by attackers.

Since Android manufacturers are known to take time in releasing patching to the users, this many take some time until is fixed.

Check out the videos:

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – Certifi-Gate, Android)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.