August 26, 2015

Google Pulls Plug on Vulnerability Exploiting App

Google has removed from the Google Play store a mobile application exploiting the Certifi-gate vulnerability, which was uncovered and publicized at the Black Hat conference earlier this year.

Recordable Activator, a screen recorder app developed for Android phones, tablets, and other devices, has been removed from the Google Play store by Google after the app was found to exploit a vulnerability dubbed ‘Certifi-gate,’ Threatpost reports.

Researchers at Check Point Technologies, who discovered the original vulnerability, note that the number of installs for the application is anywhere between 100,000 and 500,000. However, the vulnerability was successfully exploited on only three Android devices, the researchers say.

“From our research team’s perspective, the developer did a poor job of protecting the interaction with subcomponents,” Check Point noted. “The communication with the Recordable Activator component can be spoofed without any authentication, thus allowing any malicious app to record the screen of the device.”

Certifi-gate comes to the fore.

Check Point’s own Certifi-gate scanner application collected the data about the exploits, the company explained in a blog post. Other highlights from the scans show that:

  • LG devices are the most vulnerable, along with Samsung and HTC.
  • 16% of devices scanned show that they contain the vulnerable plugins.
  • At least three devices sending anonymous scan results were actively being exploited.

The Certifi-gate vulnerability was initially revealed at the Black Hat conference earlier this month by the researchers. When exploited, it allows an attacker to take complete remote control of the targeted device using a malware-laced application or a simple SMS message. The vulnerability stems from third-party remote support tools that are usually pre-installed on Android devices by mobile manufacturers and carriers. These tools are also readily downloadable via the Play Store.

Since these support tools are routinely signed with OEM certificates, they have system-level privileges to handle remote support tasks. Check Point revealed that authentication roadblocks could easily be bypassed by a malicious application using these support tools.

With the tools being preinstalled, patching the vulnerability poses a daunting task. A fix would require hardware manufacturers to push patched ROMs to vulnerable devices.

“It will take a long time until there is a new version out there, but what’s more problematic is not only the bug itself, it’s the architecture,” Check Point researcher Ohad Bobrov said. “The vendors and OEMs signed this vulnerable mRST (mobile remote support tools) with their certificate. You can’t revoke it, otherwise the plugin won’t work.”


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
