Android faces SECOND patching crisis, on the same scale as Stagefright
‘Certifi-gate’ vuln could allow unrestricted device access
'Very easily exploited', hard to fix
Without patching, an attacker can use the vulnerable plug-in to elevate access permissions and gain full control of a vulnerable device. Check Point’s security boffins reckon the “Certifi-gate” vulnerability is “very easily exploited” as well as difficult to fix.
Android offers no way to revoke the certificates that provide the problematic privileged permissions. Left unpatched, and with no reasonable workaround available, devices are vulnerable right out of the box.
“Some of the mRST vendors have released patched versions of the vulnerable plugins,” a Check Point spokesman explained. “However, it’s important to note that this doesn’t solve the issue as this doesn’t patch pre-installed plugins.”
“These patches need to come from the OEM vendor. Moreover, an attacker can always trick a user to install an old vulnerable version of the plugin and attack it in order to gain privileged permissions,” he added.
Check Point researcher Bashan and his colleagues are down to provide more details of the vulnerability (and how to fix it) during a presentation at the Black Hat security conference in Las Vegas on Thursday. ®
Bootnote
1. Stagefright creates a means for attackers to plant malware on vulnerable Android devices providing only that they know the phone number of their intended target.
Specially crafted malware hidden inside a multimedia message (MMS) could stealthily exploit a vulnerability in the Stagefright library. Alarmingly, no user interaction is needed at all – preview generation is automatic upon receiving the MMS by default on most Android devices.
And patches are not yet available. The upshot is that hackers can, with a text message, silently and completely take control of a smartphone.