Another day — and another major Android vulnerability has been disclosed. This flaw, called Certifigate, is buried deep in the Android ecosystem.
Ohad Bobrov, director, Mobile Threat Prevention at Check Point, detailed the flaw at the Black Hat USA conference. The flaw involves privileged certificates used by OEM vendors to sign Remote Support Tool (mRST) apps. According to Bobrov, the certificates could be leveraged by an attacker to sign malicious apps that would then run with trusted access.
In a press briefing, Bobrov explained that, even with a Google Android patch, the flaw would be difficult to eliminate.
Earlier in the week at Black Hat, Google’s Adrian Ludwig discussed a forthcoming software update, the biggest in Android history, and other changes Google and its partners are making to improve Android security.
Watch the full video with Ohad Bobrov below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.