Google Play Continues to Serve Up Threats

Android users are again at risk of being under cyber attack, this time through an app that has been harnessed by hackers to exploit the Certifi-gate vulnerability. The app, which was initially available on the official Google Play Store, already had somewhere between 100,000 and 500,000 downloads before the security threat was highlighted.

The Certifi-gate security vulnerability was first reported on the 6th August by researchers from security company Check Point. They revealed that hackers were able to take full control of affected devices, gaining what is referred to as “illegitimate privileged access rights”. This is done via a malicious app that requires no special permissions, passwords or verifications.

The app in question is called the Recordable Activator – a screen-recording app created by UK-based Invisibility Ltd. Though not the first app to fall victim to attack in this way, it is certainly emphasising the need for device manufacturers and network service providers to further investigate the security and architecture of software such as Remote Support Tools.

In this particular case, it was in fact the TeamViewer plugin that caused the vulnerability – an application meant only as a temporary solution for Invisibility Ltd, but one that allowed third-party access to screens. Both TeamViewer and Invisibility Ltd are doing their best to mitigate the Certifi-gate threat, the former stressing in a press release that an updated version includes improved security mechanisms.

Google has since confirmed that the app has been suspended, but that two other apps by Invisibility Ltd, both deemed safe, are still available on the Google Play Store.

In a bid to better understand the outreach of the Certifi-gate threat, Check Point has collected more than 300,000 anonymous scan results from users of its Certifi-gate scanner app. The resulting data showed an even split in devices that were vulnerable and devices that were not – 42-percent for each – with a further 16-percent having a vulnerable plugin installed. Fortunately, only 0.1-percent had actually been exploited.

The lesson here remains much the same as with any internet security scenario: users must take responsibility to at the very least ensure that their devices are running on up-to-date software, and that they only use networks that they can trust. The rest lies in the hands of manufacturers and developers who face a continual struggle to stay ahead of the game.