Google Play store app exploited critical 'Certifi-gate' Android flaw

Researchers with security vendor Check Point have discovered a popular app on the Google Play store is successfully exploiting the critical Android Certifi-gate vulnerability disclosed by the firm earlier this month.

The flaw means a malicious app requiring no special permissions can enable an attacker to completely take over nearly any device running the popular mobile operating system.

The newly-discovered offending application observed to be exploiting the flaw is Recordable Activator, a screen recording app from UK-based Invisibility, which boasts between 100,000 and 500,000 downloads.

However, Recordable Activator can only be used to record the screen rather than complete take over devices.

A Google spokesperson said the app had been suspended.

Certifi-gate exists due to a problem with the architecture of popular mobile remote support tools used by practically all device manufacturers and network service providers.

According to Check Point, the Recordable Activator issue involves a vulnerable version of a TeamViewer plugin.

TeamViewer took steps earlier this month to mitigate the Certifi-gate threat, stating the “updated version of TeamViewer QuickSupport for Android includes an improved security mechanism to ensure safe communication between internal app components".

But Check Point said despite the efforts taken by TeamViewer, older versions of the plugin are still in use and someone attempting to exploit Certifi-gate could still push vulnerable versions of the plugin from – for example – a third-party server.

Christopher Fraser, director of Invisibility and developer of Recordable Activator, said he had never intended to exploite the Certifi-gate vulnerability.

Fraser said he contacted vendors to get his own plugin signed in order to simplify processes for using the app. It was while waiting for a response that he found the TeamViewer QuickSupport app was freely distributable, he said.

“The plugins allowed [third-party] applications to access the screen so I added support for using that via the Recordable Activator app,” Fraser said.

“I only intended that this was a temporary solution until I had my own plugin, but I never received any responses from the vendors I contacted.”

Check Point has collected more than 30,000 anonymous scan results from users of its Certifi-gate scanner app.

From that data, the security firm determined that 42 percent of devices were not vulnerable to Certifi-gate, 42 percent were vulnerable, nearly 16 percent had a vulnerable plugin installed, and .01 percent had been exploited.

Copyright © SC Magazine, Australia