Mobile device screens recorded using the Certifi-gate vulnerability

  • 25 August 2015

25 Aug 2015 at 13:34, John Leyden
 
Vulnerable plug-ins have been installed on hundreds of thousands of Android devices, allowing screens to be recorded, according to data from the scanning tool which discovered that the so-called Certifi-gate vulnerability is already being exploited in the wild.
The Certifi-gate vulnerability was disclosed by security researchers at Check Point during the Black Hat conference in Las Vegas earlier this month.
The Check Point team also released a scanner app that checks Android devices for the vulnerability. Users have the option to share scan results with Check Point.
The Certifi-gate scanner app has nearly 100,000 downloads on Google Play, and Check Point has received over 30,000 anonymous scan results from users. These anonymous stats have allowed Check Point to assess the level of exposure to the vulnerability across different devices and vendors.
More than 40 per cent of all the scan samples showed devices were vulnerable to Certifi-gate.
 

1 reply

The following article is an update:
************************************

Android Certifi-gate Flaw Still a Risk, Despite Few Victims.

By Sean Michael Kerner
 
The flaw, which was first reported at the Black Hat USA conference in early August, could enable an attacker to take over an Android device.
At the Black Hat USA security conference on Aug. 6, security researchers from Check Point publicly announced a new Android flaw dubbed "Certifi-gate." Now, nearly three weeks later, Check Point has published statistics on the impact of the flaw that could potentially enable an attacker to take over an Android device. 
The Certifi-gate flaw is all about privileged certificates used by OEM vendors to sign remote support tool (mRST) apps. The risk is that an attacker could potentially make use of the OEM vendor certificates to gain privileged access on an Android device. 
When the Certifi-gate flaw was first announced, Check Point also released a mobile scanning tool that enables users to scan Android devices to see if they are vulnerable to the Certifi-gate issue. According to Check Point, from Aug. 6 until Aug. 19, there were approximately 100,000 downloads of the Certifi-gate scanner app. Approximately 30,000 people who downloaded the app opted to send their information anonymously to Check Point.
