Millions of Android devices are seriously endangered

On Thursday, August 6, during a briefing at Black Hat USA 2015 in Las Vegas, Check Point Software Technologies announced that its mobile security team has discovered the vulnerability of the Android system, which affects the devices of major manufacturers, including LG, Samsung, HTC and ZTE.

"Certifi-gate" is a vulnerability that allows applications to obtain unauthorized access rights that are usually used by remote support applications that are either pre-installed or installed personally on the device. Attackers can use Certifi-gate to gain unlimited access to the device, thus enabling, among other things, theft of personal data, tracking the location of the device or switching on the microphones to record conversations.

The Android system does not allow to invalidate certificates that provide privileged permissions in any way. Without the patch, without the possibility of circumvention, the devices are susceptible straight out of the box. All affected producers were informed by Check Point about Certifi-gate and began to provide updates. Vulnerability can not be fixed, it can be updated when a new version of the software is sent to the device - it is a very slow process. Android also does not allow you to cancel certificates used to sign vulnerable plugins.

Every day, people around the world use mobile devices to manage important aspects of their lives - they use business mailboxes, bank accounts and track their health information, "said Dorit Dor, vice president of products at Check Point Software Technologies. The problem is that they rarely think about whether their data is safe. This vulnerability can be very easily used and lead to the loss and dissemination of personal data. It's time to take the matter of mobile security seriously.

The company has recently launched Check Point Mobile Threat Prevention, a new solution for business customers that can be used to combat evolving mobile threats. It has the highest level of security on iOS and Android solution, allows you to analyze data on threats in real time and insight into the infrastructure of security and mobility. The implementation is simple and allows not only integration with the existing security infrastructure, but also transparent for the user, which preserves privacy and improves efficiency.

Android users can check the susceptibility of their device to Certifi-gate by downloading the free Check Point Certifi-gate scanner from the Google Play store .

source: Chech Point



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.