Certifi-Gate: huge Android vulnerability lets hackers take over Samsung and HTC phones

Software that is pre-installed on phones could be hijacked to take control of them, researchers say

Andrew Griffin
Friday 07 August 2015 07:05 EDT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Millions of Android phones could be easily hijacked, using software that was installed on them by their manufacturers.

Many companies install “remote support” apps onto their phones, which are intended to help customers and can’t be removed. But they are given special access to the phone, which hackers can break into and then use.

Exploiting the privileges could let people “steal personal data, track device locations, turn on microphones to record conversations”, according to Check Point, the security firm that found the hack and named it “Certifi-Gate”.

Phones and tablets made by HTC, LG, Samsung, and ZTE and many other manufacturers are vulnerable to the hack.

The affected companies have been notified about the hack and are pushing out fixes, according to Check Point. But the problem can only be fixed with a security update, and Android phones are notoriously slow to receive them, though manufacturers have committed to push out fixes more regularly.

Check Point has made an app that will check whether phones are vulnerable to the hack and whether they have been infected. It is available on the Google Play Store, and is called “Certifi-gate Scanner”.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in