Google has kicked out from the Play Store a mobile app that was recently found to have exploited the Certifi-gate feature on mobile devices.
Researchers from Check Point Software Technologies discovered the vulnerability, which has been detected in the Recordable Activator app, a tool for recording what is being displayed on a mobile device’s screen. Fortunately for the approximately 500,000 Android users who have downloaded the app, only three are found to have been affected by the Certifi-gate flaw.
It’s a commendable act that Google was able to remove the app before it could infect hundreds of thousands of smartphones and tablets that run its leading mobile operating system. According to data gathered by the researchers and based on data from scans of the Recordable Activator app, the most vulnerable devices include LG, HTC and Samsung.
The Certifi-gate vulnerability lets hackers gain complete control of your handset by using a malicious mobile app or SMS message. At the core of the vulnerability is a number of pre-installed third-party remote support services on your Android gadget. These tools are believed to contain malicious plugins.
Since these mobile remote support tools are signed with original equipment manufacturer certificates, they have system-level privileges to perform remote support tasks. According to the researchers that discovered the flaw, a malicious app can use any of these support tools in order to bypass authentication.
In particular, the security issue arises from a vulnerable version of the TeamViewer app being downloaded by Recordable Activator. There is also an insecure communication between the app and system-level plugins. In other words, the developer of the Recordable Activator app failed to put proper security measures in place to protect the way the app interacts with subcomponents.
What happens there is that any malicious app is allowed to record the device’s screen since an interaction with the Recordable Activator component can be tricked in the absence of a proper verification process.
The researchers also pointed out any malicious app can replicate an original mRST in order to gain access to the device. Why does this pose a serious problem? It is because the tool may be pre-installed in many mobile devices. Also, it would be hard to locate or identify these tools because they are not operated with a user interface, unlike an ordinary mobile app. There is no indication, therefore, of its existence on a certain device.
And since these tools come as a built-in feature of the device, it would be hard to fix the vulnerability because it takes a push update from the OEM.