View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Android world shaken anew with Certifi-gate flaw

Check Point reveals previously undiscovered management flaw at Black Hat summit.

By Alexander Sword

With the Android world still reeling from the Stagefright vulnerability, Check Point has released details of an unknown vulnerability in the OS called Certifi-gate.

Certifi-gate is a set of vulnerabilities in the authorisation methods between mobile Remote Support Tool applications and system-level plugs.

The Remote Support applications, pre-installed on some Android devices, allow support staff to remotely take over devices to resolve issues.

Due to "numerous faulty exploitable implementations of this logic," the function could be used by malicious applications to gain unrestricted access to the device without detection, increasing their privileges to gain access to user data and even perform user functions.

The problem was seen in apps such as TeamViewer, with over 5 million downloads in Google Play, RSupport with over 10 million downloads, and CommuniTake.

"Our team’s research demonstrates how some aspects of the Android ecosystem architecture are potentially flawed," said the accompanying report. "These flaws could expose sensitive information on devices, including both personal and enterprise content.

"In order to support advanced usages such as remote support, vendors and OEMs may abuse Android’s privileged permissions mechanism. OEMs could sign third party apps with their certificate to let it obtain privileged permissions.

Content from our partners
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer
Financial management can be onerous for CFOs, but new tech is helping lighten the load

"This means that third party code that doesn’t go over scrutinised code review could gain access to sensitive system resources. The problem is further intensified because vulnerable apps cannot be completely revoked."

Bob Tarzey, Analyst at Quocirca, explained to CBR the implications of the findings for Android.

"All software contains vulnerabilities, many can go undiscovered for years (such as these two), until someone finds the vulnerability and either uses if it for bad purposes or publicises it through responsible disclosure (such as Check Point has in this case).

"Until discovered vulnerabilities are mostly harmless, only when someone develops the means to use the vulnerability (an exploit kit) does it become an exploit. Neither of these two recent vulnerabilities seems to have been exploited as yet.

"The fact Check Point and others are pro-actively researching Android is good, it is better they find vulnerabilities before the Blackhats do.

"That said, who knows what the Blackhats have found in Android and are working on; they will not seek the same publicity, but aim to keep things quiet to achieve their nefarious goals.

"The real message here is that Android, like all software, has vulnerabilities and the Android community, led by Google, needs to up its game."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU