A new Android vulnerability released by Check Point at Black Hat USA 2015 means that hundreds of millions of devices are open to attack.
The vulnerability, dubbed Certifi-gate, was previously unknown and is found in the architecture of mobile Remote Support Tools (RSTs) used by most Android device manufacturers.
Check Point explained that Certifi-gate is a set of vulnerabilities in the authorisation methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device.
mRSTs allow remote personnel to offer customers technical support for their devices by replicating a device’s screen and simulating screen clicks at a remote console.
If exploited, Certifi-gate allows malicious applications to silently gain unrestricted access to a device, elevating their privileges to allow access to user data and to perform a variety of actions usually only available to the device owner.
This vulnerability allows mobile platform attackers to masquerade as the original remote supporter with system privileges on the device.
More about the new Android vulnerability here