Major Android remote-access vulnerability is now being exploited [Updated] | Ars Technica
mercredi 26 août 2015 à 11:33GuiGui's Show - Liens
Un exemple de pourquoi nous devons avoir du logiciel libre sur nos ordinateurs mobiles / ordiphones dans un premier temps puis un contrôle de la puce baseband (la puce qui émet/reçoit sur/depuis le réseau mobile, l'ordinateur dans l'ordinateur, le truc qui échappe au contrôle de l'utilisateur à l'heure actuelle) dans un deuxième temps : pouvoir installer, activer, désactiver, supprimer les logiciels de notre choix notamment les bloatwares, avoir le contrôle sur l'appareil (pas de backdoor volontaire ou non) et avoir un cycle de mise à jour moins long (car là ça dépend de Google puis du fabriquant de l'appareil puis parfois de l'opérateur (!) alors qu'avec Replicant, par exemple, le circuit de distribution est plus court) et moins pourri (si je ne mets pas à jour mon ordiphone, c'est parce que j'ai peur de perdre mon accès root, ce qui ne peut arriver avec Replicant (http://www.replicant.us/), par exemple).
« Based on anonymized data collected from users of an app designed to check for a newly revealed vulnerability in many Android devices, Check Point discovered that one application in the Google Play store is exploiting the vulnerability to gain a high level of access to the Android OS, bypassing user permissions—and bypassing Google’s security scans of Play applications to do so. Update: A Google spokesperson told Ars that the offending app has been suspended in the Play store.
[...]
At the Black Hat security conference in Las Vegas earlier this month, Check Point’s Ohad Bobrov and Avi Bashan presented research into an Android vulnerability introduced by software installed by phone manufacturers and cellular carriers that could affect millions of devices. Labeled by Bobrov and Bashan as “Certifi-Gate," the vulnerability is caused by insecure versions of remote administration tools installed by the manufacturers and carriers to provide remote customer service—including versions of TeamViewer, CommuniTake Remote Care, and MobileSupport by Rsupport. These carry certificates that give them complete access to the Android operating system and device hardware. The applications are commonly pre-installed on Samsung, LG, and HTC handsets.Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in. »
(Permalink)
Un exemple de pourquoi nous devons avoir du logiciel libre sur nos ordinateurs mobiles / ordiphones dans un premier temps puis un contrôle de la puce baseband (la puce qui émet/reçoit sur/depuis le réseau mobile, l'ordinateur dans l'ordinateur, le truc qui échappe au contrôle de l'utilisateur à l'heure actuelle) dans un deuxième temps : pouvoir installer, activer, désactiver, supprimer les logiciels de notre choix notamment les bloatwares, avoir le contrôle sur l'appareil (pas de backdoor volontaire ou non) et avoir un cycle de mise à jour moins long (car là ça dépend de Google puis du fabriquant de l'appareil puis parfois de l'opérateur (!) alors qu'avec Replicant, par exemple, le circuit de distribution est plus court) et moins pourri (si je ne mets pas à jour mon ordiphone, c'est parce que j'ai peur de perdre mon accès root, ce qui ne peut arriver avec Replicant (http://www.replicant.us/), par exemple).
« Based on anonymized data collected from users of an app designed to check for a newly revealed vulnerability in many Android devices, Check Point discovered that one application in the Google Play store is exploiting the vulnerability to gain a high level of access to the Android OS, bypassing user permissions—and bypassing Google’s security scans of Play applications to do so. Update: A Google spokesperson told Ars that the offending app has been suspended in the Play store.
[...]
At the Black Hat security conference in Las Vegas earlier this month, Check Point’s Ohad Bobrov and Avi Bashan presented research into an Android vulnerability introduced by software installed by phone manufacturers and cellular carriers that could affect millions of devices. Labeled by Bobrov and Bashan as “Certifi-Gate," the vulnerability is caused by insecure versions of remote administration tools installed by the manufacturers and carriers to provide remote customer service—including versions of TeamViewer, CommuniTake Remote Care, and MobileSupport by Rsupport. These carry certificates that give them complete access to the Android operating system and device hardware. The applications are commonly pre-installed on Samsung, LG, and HTC handsets.Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in. »
(Permalink)