Today's high-level Android vulnerability is called Certifi-gate. As you might have guessed, it gets its name from an underlying problem with the way the operating system handles digital certificates in the context of remote support tools (RSTs). The vulnerability can let an attacker gain full control over a victim's device.
Here's roughly how it goes. A bog-standard RST app will usually ask for a normal set of user permissions, but it also needs to install a plugin with elevated permissions so it can perform its tasks. While the RST is digitally signed by its vendor, the plugin needs to be signed by the device's OEM. Due to the coupling of these components, the app itself ends up gaining elevated permissions. Thus, an attacker can exploit a vulnerability in the RST to gain control over the device.
There are several problems with this approach. An OEM can carelessly sign a plugin without checking whether the underlying code is secure. If the application's vendor needs to update its plugin, it has to wait for the OEM to sign it again. Also, since Android doesn't have an app certificate revocation mechanism, a user with an older version of an app remains vulnerable until they install the latest version. Last but not least, the user has relatively little control over the plugin: it won't show an icon in the launcher since it's an exported service, and the Play Store won't indicate that a plugin required by an RST requires elevated permissions.
Check Point, the company that disclosed the vulnerability, has analyzed multiple remote support tools. It found that TeamViewer, RSupport, AnySupport, and CommuniTake are vulnerable. It has also built an app that will scan your device for the vulnerability.
|1. BIF - $340||2. Ryu Connor - $250||3. mbutrovich - $250|
|4. YetAnotherGeek2 - $200||5. End User - $150||6. Captain Ned - $100|
|7. Anonymous Gerbil - $100||8. Bill Door - $100||9. ericfulmer - $100|
|10. dkanter - $100|
|Alphacool shows off Eisbrecher radiator and GPX waterblocks||1|
|Rumor: More GTX 1050 Ti and 1080 Ti details pop up||27|
|Cooler Master's MasterBox 5 and Zalman's Z9 Neo cases reviewed||7|
|Deals of the week: cheap mobos and a GTX 950||3|
|Thermaltake revs up Engine 27 low-profile CPU cooler||15|
|Logitech C922 Pro Stream webcam dispenses with green screens||17|
|MSI 100-series BIOS updates show Kaby Lake drops into LGA 1151||14|
|Razer revamps Kraken headsets with big drivers and metal bodies||10|
|Corsair Vengeance LED RAM family now sings the blues||6|