LG phones most exposed to new Certifi-gate vulnerability

More than 70 percent of Android phones from LG have a plugin installed that exposes them to the Certifi-gate remote support app vulnerability, where a rogue application -- or even a text message -- can completely take over a device.

Check Point Software Technologies reported the vulnerability in April to Google, device manufacturers, and the remote support app vendors but, so far, none of the device manufacturers have pushed out updates to their customers.

Although LG devices are most exposed, 18 percent of Samsung devices also have the vulnerable plugin, as well as 9 percent of HTC devices, according to a Check Point scan of around 100,000 smartphones.

But even devices that don't currently have the vulnerable plugin installed are at risk, if an app either maliciously or accidentally installs the plugin. Of Samsung smartphones, an additional 67 percent are at risk of this, as are 19 percent of LG phones, and 86 percent of HTC phones.

Check Point publicly disclosed the problem at Black Hat in Las Vegas earlier this month, and released a vulnerability scanner app that has been installed around 100,000 times.

Overall, 58 percent of all the devices scanned are potentially vulnerable to this exploit, the company said.

How it works

In order to make it easier for customers to get technical support, some smartphone manufacturers bundle remote support apps that allow techs to take over the handset.

"Most of the new LG devices come with pre-installed support software," said Michael Shaulov, Check Point's head of mobility product management. "And in order to actually operate, you can understand that this software requires very high privileges."

The problem is two-fold. First, the apps have authentication issues that allow unauthorized access. So far, two of the three vendors have fixed the access problems, but the old, insecure versions of the software are still around.

"In the cases where the support tool was pre-installed on the device, if the device manufacturer or carrier is not pushing the update to the users, the users can't update it by themselves," said Shaulov. "And none of the carriers have done the push so far."

Second, while the remote access software is signed with the manufacturer's digital certificates, there is no easy way to revoke those certificates, said Shaulov.

That means that even if the manufacturers and carriers do push out an update of the remote support software -- or the software was never installed on the device in the first place -- a third-party application can install the older, vulnerable version.

That is exactly what an app called "Recordable Activator" did. In order to allow users to record their screens without rooting the devices -- a feature not normally available on Android phones -- the app downloaded one of these remote support tools, and then leveraged the access provided to make screen recordings.

Google has since removed the Recordable Activator app from the Google Play store.

Permanent fix

According to Check Point, device manufacturers need to push out a patch to their smartphones that revokes the certificates that the old vulnerable remote support tools were signed with.

Until then, users are warned to only download apps from the official stores, and to run the vulnerability scanner after installing any apps that might be questionable.
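The following Python model is an added example, not code from Check Point, Google or any vendor. It shows why a valid manufacturer signature alone lets the older, vulnerable plugin back onto a device, and how revoking the old signing certificate, the fix described above, blocks it. Package names, version numbers and certificate fingerprints are constructed placeholders, and the policy is a simplified assumption rather than Android's actual installer logic.

```python
from dataclasses import dataclass

# Constructed placeholders: not real package names, versions or fingerprints.
OLD_CERT = "sha256:EXAMPLE-OLD-OEM-CERT"
NEW_CERT = "sha256:EXAMPLE-NEW-OEM-CERT"

@dataclass(frozen=True)
class Apk:
    package: str
    version_code: int
    signer: str        # fingerprint of the certificate that signed the APK
    privileged: bool   # asks for signature-level permissions

@dataclass(frozen=True)
class Policy:
    trusted: frozenset               # certificates allowed to sign privileged apps
    revoked: frozenset = frozenset() # certificates explicitly withdrawn

def check_install(apk: Apk, policy: Policy) -> tuple[bool, str]:
    """Decide whether an APK may be installed with the privileges it asks for."""
    if apk.signer in policy.revoked:
        return False, "signing certificate revoked"
    if apk.privileged and apk.signer not in policy.trusted:
        return False, "privileged app lacks a trusted signature"
    # Note: nothing here looks at version_code, so an old signed build passes.
    return True, "signature accepted"

def audit(inventory: list[Apk], policy: Policy) -> list[str]:
    """List installed packages the policy would no longer accept."""
    return [f"{a.package} v{a.version_code}: {why}"
            for a in inventory
            for ok, why in [check_install(a, policy)] if not ok]

# Hypothetical plugin builds: an old vulnerable one and a patched, re-signed one.
OLD_PLUGIN = Apk("com.example.support.plugin", 10, OLD_CERT, True)
NEW_PLUGIN = Apk("com.example.support.plugin", 20, NEW_CERT, True)
OTHER_SIGNER_COPY = Apk("com.example.support.plugin", 10, "sha256:EXAMPLE-OTHER", True)

BEFORE_FIX = Policy(trusted=frozenset({OLD_CERT, NEW_CERT}))
AFTER_FIX = Policy(trusted=frozenset({NEW_CERT}), revoked=frozenset({OLD_CERT}))

if __name__ == "__main__":
    for name, policy in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        for apk in (OLD_PLUGIN, NEW_PLUGIN):
            print(name, f"v{apk.version_code}", check_install(apk, policy))
    print(audit([OLD_PLUGIN, NEW_PLUGIN], AFTER_FIX))
```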

Stories by Maria Korolov
