Certifi-Gate Can Control Your Android Devices Without You Knowing: Are You At Risk?

Mobile system security experts have revealed that hackers can get full access of a mobile phone without the knowledge of the owner.

Check Point Software Technologies Ltd, a network security firm, dubbed the flaw in mobile devices as "Certifi-gate." Check Point reveals that some software pre-installed on many Android handsets by original equipment manufacturer (OEM) cannot be disabled by users but can be abused by some malicious apps.

Hackers can steal personal data, get the handset's location and contact information from a phone by exploiting the software remotely. Hackers can also switch on a phone's microphone without the owner's permission or knowledge.

Gabi Reish, the VP of product management at Check Point, says that Certifi-gate can make a mobile phone a remote spying device. Many smartphone makers have used a flawed verification system that allows privilege access to hackers remotely once the app is connected.

There are millions of Android smartphones in use that have been made by well-known brands such as Samsung, LG, HTC, Asus and more. Check Point suggests that the latest Android 5 Lollipop, which is believed to be the most secured Android mobile operating system, is also at risk of Certifi-gate.

Reish says that many smartphone makers are aware of the issue and are releasing a patch to fix the vulnerability but there are many handsets exposed to the risk.

The network security firm has also developed a scanning app, which can detect the vulnerability in a smartphone.

Samsung and Google have appreciated Check Point's efforts in identifying the vulnerabilities.

"We want to thank the researcher for identifying the issue and flagging it for us. The issue they've detailed pertains to customisations original equipment manufacturers make to Android devices and they are providing updates which resolve the issue. Nexus devices are not affected and we haven't seen attempts to exploit this," says a Google spokesperson.

The use of mobiles has increased drastically in the last few years. A mobile phone cannot only make or receive calls but it can also be used to make monetary transactions. Many people also use their smartphone to check their emails, which may have confidential information. As such, security of a smartphone should be the utmost priority of owners.

Google also highlighted that Android device owners should always download apps from trusted sources like Google Play.

Check out a short video on Certifi-gate Android Security Vulnerability.

Photo: Ervins Strauhmanis | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics