Previous Story
Hundreds of millions of Android devices could be hijacked through remote
Separately, both Google and Samsung said on Thursday that they would release regular security updates for Android phones after hundreds of millions were found to be susceptible to hackers, simply by receiving a message.
Certifi-gate takes over the phone manufacturers’ remote access functions.
Following Zimperium’s Stagefright revelations in late July, Google, Samsung and LG this week said they would start providing more frequent – about once a month – security updates for their Android devices.
These tools function as system applications, have a lot of powerful permissions and are digitally signed with manufacturers’ certificates.
Researchers at Check Point Software Technologies have identified a vulnerability in Android phones that could let hackers take over devices remotely, steal personal data and even turn phones into spying devices. “Left unmatched, and with no reasonable workaround, devices are exposed right out of the box”. Currently, the Black Hat conference is going on down in Las Vegas, and the Check Point team have just published a report on this vulnerability that affects a big chunk of Android smartphones. Check Point told IBTimes UK ahead of its Black Hat presentation that it is yet to see the vulnerability being exploited in the wild, but that the bug could nonetheless be “very easily exploited”, should a hacker wish to do so.
Most of the flagship phones from different vendors come preloaded with remote support tools, Check Point researchers Ohad Bobrov and Avi Bashan said. “The issue they’ve detailed pertains to customizations OEMs make to Android devices and they are providing updates which resolve the issue”.
In an emailed statement, Google thanked the researchers and noted that the company’s Nexus devices are not affected and it hasn’t seen any exploitation attempts so far. “In order for a user to be affected, they’d need to install a potentially harmful application which we continually monitor for with VerifyApps and SafetyNet”.
“Every day, people around the globe use mobile devices to manage important aspects of their lives: they access work email, manage bank accounts, and track health information”, said Doros Hadjizenonos, Country Manager of Check Point South Africa.
The security company disclosed the vulnerability to Google, app developers and manufacturers adding that the only way to fix the Certifi-Gate vulnerability is by pushing a new software build to the affected devices, a process it has called “notoriously slow”.
A new vulnerability known as Certifi-gate has been spotted in Android, affecting millions of devices. Deployment is easy and not only has integration into an organisations mobility and security infrastructure but it also provides a transparent user experience that maintains privacy and performance.
