Mobile device screens recorded using the Certifi-gate vulnerability

Vulnerable plug-ins have been installed on hundreds of thousands of Android devices, allowing screens to be recorded, according to data from the scanning tool which discovered that the so-called Certifi-gate vulnerability is already being exploited in the wild. The Certifi-gate vulnerability was disclosed by security …

  1. SuccessCase

    Given the app is downloaded from the PlayStore this is a mainstream Android vulnerability, that 16% of devices are affected is outstandingly bad. OK all OS's have the odd vulnerability exposed, however given iOS security updates are applied to iOS devices across the board and relatively quickly, really anyone in tech should be recommending iPhones to their non-techie friends. Controversial statement for many El Reg readers, I know, but really, if you are responsible and recognise many aren't able or motivated to keep on top of the tech security position of these devices, it shouldn't be controversial at all. At least not until Google get a faster turnaround sorted out with the carriers. It's the only responsible thing to do. Even vendors who have patched the vulnerability in their handsets are doing so far too slowly. The downloaders of this app are going to be generally more tech/savvy/security aware and if ~40% of such a selective set have affected devices, what chance have the rest?

    What happened to all the Google promises of yester-year that security patches would be rolled out in a timely fashion?

    1. SuccessCase

      Also, it is highly surprising PlayStore apps are exploiting the vulnerability, as this should be entirely preventable by Google. On my reading of the vulnerability, the apps need to have an ID matching a hardcoded ID expected by the compromised monitoring software the vendors have integrated with their handsets (the compromise is largely due to badly implemented workarounds for a bug in Google authentication code, where the vendors have coded their own half-arsed authentication solutions). Google should be able to bar any apps presenting a known "spoofing" ID. Makes me wonder if the bad authentication measures are actually worse than Check Point reported.

      1. Anonymous Coward

        Google's automated scanning that was supposed to resolve vulnerability issues like this seems to have some pretty major holes. Don't they have the ability to remotely disable apps after they've been downloaded from the Play Store? Why haven't they done that with these?

        1. Graham Marsden
          Thumb Down

          @DougS - Don't they have the ability to remotely disable apps

          I don't know about you, but I would be more worried about the OS owner being able to control what apps can or can't run on *MY* phone.

          Sure, they can *tell* me that such and such an app has a vulnerability, but if they can stop a "bad" app from running, it's not a big step to stopping a good app for political or "security" purposes...

          1. Anonymous Coward

            Re: @DougS - Don't they have the ability to remotely disable apps

            Well then I guess you should switch back to a dumbphone, because Google has had that power for 5+ years, and of course Apple has it as well.

            http://android-developers.blogspot.com/2010/06/exercising-our-remote-application.html

            I wasn't wondering whether they HAVE the ability, the question was rhetorical. I was wondering why they didn't exercise it in this case.

          2. MacGyver
            Flame

            Re: @DougS - Don't they have the ability to remotely disable apps

            @ Graham Marsden +1

            I'm getting pretty sick of not being able to do something with "my" device because someone else somewhere decided I shouldn't. Either it's my phone or it's not, and if it's not, why did I have to pay for it?

            Void my warranty, deny me support, fine whatever, but I shouldn't have to use a buffer-overflow exploit to install a superuser program because I want to uninstall something a manufacturer has locked down. Maybe I wanted to record my screen, why? Because fcuk you Google, that's why.

        2. Small Furry Animal

          @DougS 'Don't they have the ability to remotely disable apps after they've been downloaded from the Play Store?'

          Sounds a little like W10 to me. Thanks, but no thanks.

  2. Anonymous Coward

    These anonymous stats have allowed Check Point to access the level of exposure...

    I believe that should be assess, not access.

  3. oneeye

    You can turn on and off Google's ability to remove apps, it is in the Google settings app. Look for verify and install apps setting.

    Check Point's work was based on a study done last year, and a presentation at Blackhat was given too. El Reg wrote about it a few weeks before this year's Blackhat. There is a link to the pdf of the study in that earlier article. The study was about the vulnerabilities created by OEMs' and carriers' customizations, and the inherent vulnerabilities they all have. As one commenter stated, there are a whole lot more problems than just Certifi-gate.

  4. oneeye

    this link has more related information!

    Here is the article link with the study mentioned (pdf) that Check Point based their investigations on. There are sure to be lots more discovered from the study on Android customizations.

    http://www.theregister.co.uk/2015/07/20/fragmented_android_security_risk_report/

  5. Pascal Monett Silver badge

    "100,000 and 500,000 downloads"

    Why exactly are these totals reported in this way and not by saying "600,000 downloads" ?

    It's about the same application. What is the interest in separating the numbers ?

  6. Anon Adderlan
    FAIL

    So an app downloaded by a user, doing what the user INTENDS, happens to take advantage of a security vulnerability. You know what else users do that's enabled by a security vulnerability? Root and jailbreak their mobile devices.

    This is exactly the kind of hyperbolic distortion of context that causes people to ignore security companies, and rightfully so. If it's a dangerous vulnerability, then give me examples of exploits which are being used to cause HARM. Otherwise, you just weaken your case.
