14 DAY TRIAL // A new vulnerability discovered by Check Point security researchers, revealed at the Black Hat USA 2015 conference in Las Vegas, allows an attacker to get full remote control over a device using the mobile Remote Support Tools (mRSTs).
Android owners can't spend a week without security experts scaring the bejesus out of them. It seems that, every time they think they've dodged a bullet, another security flaw is discovered, worse than the previous.
After Stagefright and the bug that turned devices into zombie-phones, a new problem has been found, this time in built-in tools packed with almost every phone, used by support staffs around the world.
The vulnerability resides in the phone's support tools
These support tools (mRSTs) were added to Android devices to allow IT departments to perform various debugging and troubleshooting tasks without the user having to turn in their smartphone or tablet to a support center.
They allow support staff to connect from afar, interact with the user's device, and even apply patches.
Because mRSTs have system-level privileges on the device, this makes them an ideal target for hackers.
The Check Point team has analyzed the authentication methods through which mRSTs validate a support application used from a remote location by IT departments, and have found out that malicious actors could easily masquerade as valid support applications and carry out attacks with system-level privileges on any device.
Attackers can gain full, authorized access to the phone
This allows them access to absolutely any phone function, meaning they could intercept phone calls, steal messages, access photos, install applications, and about anything else you could think of.
According to the Check Point research paper, the vulnerability has been found in support applications from the following vendors: AnySupport, CommuniTake, RSupport, and TeamViewer.
The same paper states that hundreds of millions of Android devices are vulnerable and "The problem is further intensified because vulnerable apps can not be completely revoked."
This means that "even after a fixed version is released, an attacker could use the old version to get control of the device."
Vendors of Android devices have been informed of the vulnerability in due time, but only HTC has announced it's working on a fix.
The security researchers at Check Point have created an app to tell you if your phone is vulnerable to the Certifi-Gate bug. You can get it from the Google Play store.
Below are two videos demoing the vulnerability, which, in case they go down, you can also view on Check Point's blog.
