Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Easily exploitable Certifi-gate bug opens Android devices to hijacking.

Easily exploitable Certifi-gate bug opens Android devices to hijacking.

2015/08/06

Help Net Security - (International) Security researchers from Check Point's mobile security research team discovered a set of vulnerabilities in the Android operating system (OS) dubbed "Certifi-gate" in the architecture of mobile Remote Support Tools (mRSTs) used by almost every Android device manufacturer in which an attacker can leverage hash collisions, inter-process communication (IPC) abuse, and certificate forging to gain unrestricted device access and steal personal data, track locations, and turn on microphones, among other actions.

Source: http://www.net-security.org/secworld.php?id=18730

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:55