Wednesday, 26 August 2015

Certifi-Gate Leak Used By Android App On Google Play

Researchers have discovered an app on Google Play that the "Certifi gate leakage" used at the beginning of this month it was revealed. It involves installing a vulnerability in the cell Remote Support Tools (mRSTs) that many Android manufacturers and network providers and devices.

Using the tools to provide remote technical support helpdesk staff by replicating the screen of the user and made "clicks" on a remote console. The authentication method that is used to validate remote support-tools turns out to contain different vulnerabilities. An attacker can therefore occur when the helpdesk and system privileges given to the unit. Then an attacker could install malicious applications and access data. On one or more devices from LG, Samsung, HTC and ZTE are the support tools installed.

Recordable Activator

The vulnerability was discovered by security company Check Point. The security guard let know now that it has found an app on Google Play using the leak. It is the Recordable Activator app that between 100,000 and 500,000 downloads. The Recordable Activator app bypasses the permission model of Android to use a plug-in TeamViewer. With this plug-in app access to system resources and can record the screen.

TeamViewer is an application that allows remote access to computers can be obtained. It is separate from the Recordable Activator app. Commenting TeamViewer argues that the way the creators of the Recordable Activator app to use the Team Viewer plug-in is in conflict with the use of the code and third-party code TeamViewer not allowed to use.

The Recordable Activator app installs a vulnerable version of TeamViewer plugin extensions. Because the plug-in by different manufacturers is signed, it is trusted by Android and gets the system permissions. After this, the app makes use of the gate-leak-Gift Certificate and connects to the plug-in to receive the screen. After being informed, Google removed the app from Google Play.

No comments:

Post a Comment