• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Google News

Android Devices Vulnerable to Certifi-Gate Flaw Exploited By Remote Support Apps

August 27th, 2015 Waqas Android, Google News, Security, Technology News 0 comments
Android Devices Vulnerable to Certifi-Gate Flaw Exploited By Remote Support Apps
Share on FacebookShare on Twitter

Officials at Check Point, the IT security vendor, have discovered a rogue app on the Google Play Store that is exploiting the recently identified Certifi-gate bug.

Recordable Activator (downloaded by 6,083 users), the application that has been accused of this malicious behavior, is a screen-recording app that was created by Invisibility, a UK-based company.

[must url=”https://www.hackread.com/android-malware-apps-hacking-facebook/”]One Million Android Users Infected With Facebook Hacking Malware Apps[/must]

android-devices-vulnerable-to-certifi-gate-flaw-exploited-by-remote-support-apps-5

This bug allows unauthorized access to a person’s Android device, giving the attacker complete control over it. However, in the case of Invisibility’s app, an attacker’s control is extremely limited – they can only mirror the contents of the affected device’s screen.

android-devices-vulnerable-to-certifi-gate-flaw-exploited-by-remote-support-apps

The app has been removed from Google Play store

android-devices-vulnerable-to-certifi-gate-flaw-exploited-by-remote-support-apps-2

The app was used by 6000+ users.

Although Google promptly proceeded to take the app off the Store, the underlying cause for the bug still lies in the operating system’s core plugins. The ‘Remote Support Tool’ (mRST) plugin comes pre-installed by a majority of device manufacturers and is used primarily for services like TeamViewer.

android-devices-vulnerable-to-certifi-gate-flaw-exploited-by-remote-support-apps-3

To limit the harm caused by the bug, TeamViewer developers implemented safety measures into their app, according to a press release.

A spokesperson from the company stated that their “updated version of TeamViewer QuickSupport for Android includes an improved security mechanism to ensure safe communication between internal app components”.

However, since older versions of the plugin still exist on many devices, Check Point has cautioned that attackers can still find a way into them through a third-party server.

The director of Invisibility, Christoper Fraser, has stated that he was oblivious about the existence of the bug and that he never intended to exploit people’s privacy. Fraser added that while he was getting his own plugin for the app signed, he discovered the open-source TeamViewer QuickSupport app.

“The plugins allowed [third-party] applications to access the screen so I added support for using that via the Recordable Activator app,” he said.

From almost 30,000 scan results collected by Check Point, they have concluded that although only 0.01% of the devices were exploited, almost 42% devices were vulnerable and 16% had vulnerable versions of the plugin.

Report typos and corrections to admin@hackread.com

[src src=”Source” url=”http://blog.checkpoint.com/2015/08/25/certifigate-statistics-exploitation-mitigation/”]CheckPoint[/src]

  • Tags
  • Android
  • Certifi-gate
  • Google
  • Google Play
  • Google Play Store
  • hacking
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Prevent Windows 10 From Spying On Your Search Data
Next article Online Child Predator Charged with 'Revenge Porn' Against Underage Girls
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
TikTok vulnerability allowed hackers to access users' phone numbers

TikTok vulnerability allowed hackers to access users' phone numbers

Watch out as new Android malware spreads through WhatsApp

Watch out as new Android malware spreads through WhatsApp

SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
TikTok vulnerability allowed hackers to access users' phone numbers
Security

TikTok vulnerability allowed hackers to access users' phone numbers

37
Why you should never use free a VPN
Drones

Why you should never use free a VPN

24
Watch out as new Android malware spreads through WhatsApp
Security

Watch out as new Android malware spreads through WhatsApp

200

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us