Monday, August 10, 2015

Certifi-Gate - An Android Vulnerability.


Recent security posts have focused only on Android devices because many vulnerabilities have been revealed within a short span of time. Recently, another vulnerability targeting Android has been revealed.

The vulnerability allows an attacker to take complete control of the Android device (root access) even if you didn't root your device.

The vulnerability lies in the part of the core that enables remote support, which is used by services such as TeamViewer. The module has been integrated into the core by almost all Android device manufacturers.

The vulnerable plugin can be used to take control of the core; that is, the attacker gets administrator privileges on the device, and the device does not have to be rooted.

The vulnerability is named Certifi-Gate. Unfortunately, the plugin cannot be removed because it is in the core of the operating system. It also provides services such as RSupport, and the plugin is known as the Remote Support Tool (mRST).

Users cannot prevent an attacker from gaining access. All versions up to and including Lollipop are vulnerable, and it has to be fixed by Android itself.

A demo has been released on YouTube for public viewing, and Check Point has developed an Android app to check whether the device is vulnerable.

The application that checks whether the device is vulnerable can be downloaded from the official Android Play Store from here.

P.S.: This post is meant to create awareness and is not to be misused.
