2015/08/07

A new "hole" in Android makes it possible to secretly connect to hundreds of millions of Samsung, LG and HTC devices

A new group of vulnerabilities

Hundreds of millions of Android devices contain a group of vulnerabilities, collectively named Certifi-gate, that allow attackers to gain unlimited access to the devices' functions and to the information stored on them, warned specialists at Check Point Software Technologies, a company that works on information security problems.

The essence of the problem

The problem lies in the incorrect operation of the authorization methods in applications of the Remote Support Tool (mRST) class, which are intended for remote servicing of devices, including by means of a remote desktop function.

mRST applications are included in the stock firmware of hundreds of millions of Android devices released by manufacturers such as LG, Samsung, HTC and ZTE.

Using the Certifi-gate vulnerabilities, attackers can deceive the system and pose as a legitimate management node (that is, the official provider of the remote support service). This gives them access to the remote control functions.

Almost unlimited opportunities

The vulnerabilities give hackers almost unlimited opportunities: they can steal personal information, track the location of devices, turn on microphones to record conversations, and much more.

Notably, the Android operating system provides no way to revoke the certificates that grant mRST applications privileged access rights. Without the necessary patches or other tools, a device is vulnerable from the day it is released, Check Point said.

The update process may drag on

The company notified all affected vendors of the discovery of Certifi-gate, and they have started releasing patches. This vulnerability cannot be eliminated as such; the fix requires an update that installs a new version of the software on the device, and that process can take a long time. Android also did not offer any option for revoking the certificates used to sign the vulnerable plug-ins, the company noted.

"Every day, people around the world use mobile devices for important tasks: they read corporate mail, check bank accounts and track health information," commented Dorit Dor, vice president of products at Check Point Software Technologies. "The problem is that they seldom think about whether their data is safe. This vulnerability is very easy to exploit, which can lead to the loss or illegal distribution of users' personal information. The time has come to start taking the security of mobile devices seriously."

In more detail: http://www.cnews.ru/news/top/index.shtml?2015/08/07/598368