Certifi-Gate: huge Android vulnerability lets hackers take over Samsung and HTC phones

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Millions of Android phones could be easily hijacked, using software that was installed on them by their manufacturers.

Many companies install “remote support” apps onto their phones, which are intended to help customers and can’t be removed. But they are given special access to the phone, which hackers can break into and then use.

Exploiting the privileges could let people “steal personal data, track device locations, turn on microphones to record conversations”, according to Check Point, the security firm that found the hack and named it “Certifi-Gate”.

Phones and tablets made by HTC, LG, Samsung, and ZTE and many other manufacturers are vulnerable to the hack.

The affected companies have been notified about the hack and are pushing out fixes, according to Check Point. But the problem can only be fixed with a security update, and Android phones are notoriously slow to receive them, though manufacturers have committed to push out fixes more regularly.

Check Point has made an app that will check whether phones are vulnerable to the hack and whether they have been infected. It is available on the Google Play Store, and is called “Certifi-gate Scanner”.