Last week Check Point discovered Certifi-Gate-based vulnerability which could take complete control of Android devices. This serious security vulnerability has made millions of Android devices vulnerable and are open in the wild.The mRTS plugin allows malicious applications to gain privileged access rights, even if your device is not rooted .
The vulnerability is in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugins. Many Android manufacturers pre install mRST on their phones to help users for team viewer.
Google kind of washed its hands and this is what was told by Google spokesman. “We want to thank the researcher for identifying the issue and flagging it for us. The issue they’ve detailed pertains to customizations OEMs make to Android devices and they are providing updates which resolve the issue.”
Bashan, researcher from Checkpoint said that it’s possible for an app that exploits the vulnerability to get through the Google Play verification service because the app can look perfectly legit while its associated plugin could lead to the device being compromised.
Checkpoint has provided a detailed report and a scanner to verify http://www.checkpoint.com/resources/certifigate/
How to prevent from this vulnerability ?
Checkpoint has an app to detect if an Android device is vulnerable to Cert-Gate vulnerability.
Full demo from The Hacker News on youtube below