Today's high-level Android vulnerability is called Certifi-gate. As you might have guessed, it gets its name from an underlying problem with the way the operating system handles digital certificates in the context of remote support tools (RSTs). The vulnerability can let an attacker gain full control over a victim's device.
Here's roughly how it goes. A bog-standard RST app will usually ask for a normal set of user permissions, but it also needs to install a plugin with elevated permissions so it can perform its tasks. While the RST is digitally signed by its vendor, the plugin needs to be signed by the device's OEM. Due to the coupling of these components, the app itself ends up gaining elevated permissions. Thus, an attacker can exploit a vulnerability in the RST to gain control over the device.
There are several problems with this approach. An OEM can carelessly sign a plugin without checking whether the underlying code is secure. If the application's vendor needs to update its plugin, it has to wait for the OEM to sign it again. Also, since Android doesn't have an app certificate revocation mechanism, a user with an older version of an app remains vulnerable until they install the latest version. Last but not least, the user has relatively little control over the plugin: it won't show an icon in the launcher since it's an exported service, and the Play Store won't indicate that a plugin required by an RST requires elevated permissions.
Check Point, the company that disclosed the vulnerability, has analyzed multiple remote support tools. It found that TeamViewer, RSupport, AnySupport, and CommuniTake are vulnerable. It has also built an app that will scan your device for the vulnerability.
|Razer Kiyo and Seiren X set the stage for streaming excellence||19|
|MSI Cubi 3 Silent and Silent S can be seen but not heard||13|
|Massdrop's Vast 35" VA display lives up to its name||31|
|Spitballing the performance of Nvidia's purported GTX 1070 Ti||22|
|Friday deals: a huge monitor, racing gear, audio, and more||22|
|G.Skill 3800 MT/s SO-DIMMs put lightning in tiny bottles||9|
|Cooler Master bedazzles the MasterLiquid Lite ML120L and ML240L||4|
|Razer Electra V2 offers affordable immersion||8|
|Samsung 360 Round camera captures the world from all angles||11|