Dan on Security
Register | Login
Major Android remote-access vulnerability is now being exploited

Labeled as “Certifi-Gate," the vulnerability is caused by insecure versions of remote administration tools installed by the manufacturers and carriers to provide remote customer service—including versions of TeamViewer, CommuniTake Remote Care, and MobileSupport by Rsupport. These carry certificates that give them complete access to the Android operating system and device hardware. The applications are commonly pre-installed on Samsung, LG, and HTC handsets.
Check Point has provided a free scanning application to allow individuals to determine if their Android device was vulnerable, and out of the 30,000 users that had opted to provide anonymous scan results, 58% of the Android devices scanned were vulnerable, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices with the vulnerable plug-in was LG with 72%.

Tags: android vulnerability
More from: arstechnica.com

show/hide source |


No comments found :-( To post a comment, please log in