U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Certifi-Gate, a new Android flaw allows hackers to control your mobile

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them. Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently discovered a new vulnerability dubbed Certifi-Gate which could be […]

Certifi-Gate, a new Android flaw allows hackers to control your mobile

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them.

Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently discovered a new vulnerability dubbed Certifi-Gate which could be exploited by hackers to control a mobile device by using a pre-installed plugin in Android devices.

You may know that almost all manufacturers pre-install “Remote Support Tool (mRST)” plugins in order to aid users to use tools such TeamViewer, RSupport, etc etc.

What this vulnerability does is using the mRTS plugin as entry point for “bad” applications that can control the mobile device, even if it is not rooted.

Android certifi-gate flaw

Researchers at Check Point explained that the “Certifi-Gate” vulnerability lies in the way manufacturers of Android devices use certificates to sign the mRST tools.

Another problem is that even if your phone is not rooted, this type of applications have root level access, so easily can gain access to:

  • screen scraping
  • keylogging
  • exfiltrating private information
  • installing malware apps, and more

As said before, this vulnerability affects millions of Android users, and the sad part about it is that users cannot uninstall the mRST plugin because it’s part of the core system.

“An attacker can exploit mRATs to exfiltrate sensitive information from devices such as location, contacts, photos, screen capture, and even recordings of nearby sounds.”

“While analyzing and classifying mRATs, our research team found some apps share common traits with mRST. Known mRAT players include HackingTeam, mSpy, and SpyBubble.” reports the Check Point’s paper

Ho to verify if the mobile device is vulnerable?

Check Point has released a mobile app that can be found here:

https://play.google.com/store/apps/details?id=com.checkpoint.capsulescanner

The app detects if your android phone is vulnerable or not to the Certifi-Gate vulnerability, and shows if the mobile was already hit by attackers.

Since Android manufacturers are known to take time in releasing patching to the users, this many take some time until is fixed.

Check out the videos:

 

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – Certifi-Gate, Android)