‘Certifi-Gate’ Security Flaw Hits Millions Of Android Devices

CyberCrimeSecurity
0 28 No Comments

Smartphones from LG, Samsung, HTC and ZTE could all be at risk, Check Point team warn

Android smartphone users have been warned about another serious vulnerability that could allow hackers to hijack their devices.

Researchers at security firm Check Point have uncovered a major flaw that it says could be affecting hundreds of millions of Android users all over the world, even those running the latest version of Android 5.0 Lollipop.

The problem could put devices from leading manufacturers such as Samsung, LG and HTC at risk, the team revealed, allowing hackers to take complete control of their devices and steal personal data.

Bolted

certifigate_appThe “Certifi-gate” vulnerability allows applications to gain illegitimate privileged access rights, which are typically used by remote support applications that are either pre-installed or personally installed on Android devices, meaning devices can be at risk straight out of the box.

Check Point says that the vulnerability can be ‘very easily exploited’ to give hackers unrestricted access to the affected devices, allowing them to steal personal data, track device locations, turn on microphones to record conversations, and more.

The company says it has contacted all the affected vendors, and all have begun releasing updates. However the team warns that ‘Certifi-gate’ cannot be fixed, and can only be updated when a new software build is pushed to the device, which is often a notoriously slow process.

Android users can check to see if their device has been affected using a free Check Point app, (pictured above) available on Google Play Store from today.

The flaw is the second major vulnerability to hit Android devices within the last two weeks, following the uncovering of the ‘Stagefright’ bug last week which could affect up to a billion Android smartphones.

However Google has announced it will be providing more in-depth and regular security updates to Android users by releasing monthly security upgrades. The updates will cover most of the company’s Nexus devices and will also be available to selected Samsung smartphones as Google looks to better protect customers using its mobile OS.

Are you a security pro? Try our quiz!


Click to read the authors bio  Click to hide the authors bio