NEW YORK: Last night Google removed the app, but it is still available in some third-party app stores and under various names, including EASY screen recorder. If you have installed a remote access program like this, remove it now if you can.
Certifi-gate is a vulnerability that allows applications to gain illegitimate privileged access rights that are typically used by remote support applications that are either pre-installed or personally installed on the device. Attackers can exploit Certifi-gate to gain unrestricted device access, allowing them to steal personal data, track device locations, turn on microphones to record conversations, and more.
Certifi-gate was reported by iTWire on 7 August and it is pretty nasty stuff. The vulnerability cannot be easily patched – it may require a rewrite of the Android kernel.
Check Point published a Certifi-gate vulnerability scanner to check if an Android device had been infected. That led to the discovery of Recordable Activator and an infection rate of 15.84% of all devices scanned. For reasons unknown, LG, Samsung and HTC devices respectively had the highest infection rates – we assume it is due to market share.
Recordable Activator, an app developed by UK-based Invisibility Ltd., has had between 100,000 and 500,000 downloads on Google Play. It bypassed the Android permission model to use TeamViewer’s plug-in to access system-level resources and to record the device screen.
Recordable Activator demonstrates the following inherent issues related to Certifi-gate:
Unprivileged apps can leverage a vulnerability to take full control of a device without having to request permissions from Android to do so.
Even after TeamViewer fixed its official version, malicious parties can still abuse old versions of the plug-in to conduct malicious acts.
Mobile devices can be exploited even if a vulnerable plug-in was not pre-installed on a device.
Apps that can exploit these vulnerabilities can be found today on Google Play.
The only fix is for manufacturers to push updated ROMs to affected devices.
TeamViewer said that the way this app uses its plug-in is a violation of the code’s use and that it does not allow any third parties to use its code. It assures users that the updated (3 June) TeamViewer Quick Support for Android addresses the issue.
Other remote support apps (mRSTs) including Rsupport and CommuniTake Remote Care may also be vulnerable.
How to remove it
Check Point gives removal details, but the bottom line is that if the TeamViewer plug-in was pre-installed (as it is on many Android devices) you will most likely not be able to uninstall it. In this case, contact your device manufacturer and ask for a fix.