Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently discovered a new vulnerability dubbed Certifi-Gate which could be exploited by hackers to control a mobile device by using a pre-installed plugin in Android devices.
You may know that almost all manufacturers pre-install “Remote Support Tool (mRST)” plugins in order to aid users to use tools such TeamViewer, RSupport, etc etc.
What this vulnerability does is using the mRTS plugin as entry point for “bad” applications that can control the mobile device, even if it is not rooted.
Researchers at Check Point explained that the “Certifi-Gate” vulnerability lies in the way manufacturers of Android devices use certificates to sign the mRST tools.
Another problem is that even if your phone is not rooted, this type of applications have root level access, so easily can gain access to:
As said before, this vulnerability affects millions of Android users, and the sad part about it is that users cannot uninstall the mRST plugin because it’s part of the core system.
“An attacker can exploit mRATs to exfiltrate sensitive information from devices such as location, contacts, photos, screen capture, and even recordings of nearby sounds.”
“While analyzing and classifying mRATs, our research team found some apps share common traits with mRST. Known mRAT players include HackingTeam, mSpy, and SpyBubble.” reports the Check Point’s paper.
Ho to verify if the mobile device is vulnerable?
Check Point has released a mobile app that can be found here:
The app detects if your android phone is vulnerable or not to the Certifi-Gate vulnerability, and shows if the mobile was already hit by attackers.
Since Android manufacturers are known to take time in releasing patching to the users, this many take some time until is fixed.
Check out the videos:
Edited by Pierluigi Paganini
(Security Affairs – Certifi-Gate, Android)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.