Certifi-gate is the latest Android security scandal
from Techreport (#GR3W)
Today's high-level Android vulnerability is called Certifi-gate. As you might have guessed, it gets its name from an underlying problem with the way the operating system handles digital certificates in the context of remote support tools (RSTs). The vulnerability can let an attacker gain full control over a victim's device.
Here's roughly how it goes. A bog-standard RST app will usually ask for a normal set of user permissions, but it also needs to install a plugin with elevated permissions so it can perform its tasks. While the RST is digitally signed by its ...