The recent glut of Android vulnerabilities hasn’t reached the end. Yet another one has popped up on the platform of choice for hundreds of millions of users. Recently, a mobile research team at Check Point Software Technologies documented under the code name ‘Certifi-gate’ an array of vulnerabilities hidden in the layer between mobile Remote Support Tool apps (mRST) and system privileged areas on an Android device. In some cases, mRST apps are preloaded on devices by cellular operators and/or vendors to ensure they can provide their customers faster and more efficient technical support for their devices, when and if needed; but these support plug-ins can also be installed later from Google Play.
An attacker could build a malicious application to masquerade as the original remote supporter with system privileges on the device, and therefore obtain untethered and silent access to highly sensitive resources like storage, contacts, photos, geo-location, microphone etc.
Am I at risk?
Avira Vulnerability Checker app is designed to accurately detect whether your device is susceptible to a host of exploits, including the newly-discovered Certifi-gate.
In seconds after install you will have a clear indication whether you’re safe or not.
How can I protect myself?
If test above turns positive, then:
- If your device came preloaded with the troublesome support plugin, it’s impossible to remove the affected components or to work around. The advice here is to make sure that your device always runs on the latest Android version that’s crafted for it. If this is already the case, you should contact your device manufacturer to receive information regarding security updates.
- If the remote support plugin that puts you at danger was „retrofit” by you, make sure this is up to date. If it’s already running the latest version, we encourage you to uninstall it until its maker builds in the patches that closes down the vulnerability.
On top, we insist on adopting these prophylactic measures as a natural practice for your mobile digital life:
- Use a mobile security solution. Avira offers one of the most efficient and robust security & mobile antivirus products, for free: https://play.google.com/store/apps/details?id=com.avira.android
- Examine carefully each application before installing it to make sure it’s legitimate, and only install apps from trustworthy sources, such as Google Play.