App Flaw Reportedly Creates Backdoor for Hacking Millions of Android Phones
A recent study of an internet communication mechanism common in mobile devices has revealed that so-called ‘open ports’ are much more vulnerable to security breaches than expected.
Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. These communication mechanisms are routinely used in traditional computers, where they are secure because computers’ Internet Protocol addresses don’t change. An IP address identifies a connected device.
“Hundreds of Android apps on Google Play that help users connect to PCs via Wi-Fi leave some ports open and poorly secured, exposing the device to hackers who can steal private information such as contacts, security credentials and photos, they can remotely control a device, perform a denial of service attack, or inject malicious code that could jumpstart widespread, virus-like attacks,” the researchers say.
The research was done by a group of researchers from the University of Michigan, who scanned almost 100,000 popular apps on Google Play. Of these, 1,632 apps created open ports, mostly to connect to PCs. Of these 1,632 apps, 410 had very weak to no security protection, and 57 specifically left ports completely open for hackers to tinker with. They claimed that the most vulnerable of the lot is an app called Wifi File Transfer, which has as many as 10 million Android downloads, lets users share data across devices and connect to their phones from their computers, and has no password or fingerprint authentication to protect the user’s data.
The researchers have advised Android users to update AirDroid to the latest patched version and not to use default pass codes. Vulnerable open port apps should only be launched when needed and after using them, users should be sure to exit them fully through the task manager.
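One way to check that an open-port app really stopped listening after it was exited, as an added example that is not from the researchers or the original article: parse the device's TCP socket table and list app-owned sockets still listening on a non-loopback address. It assumes the table was saved from /proc/net/tcp and /proc/net/tcp6 on the device (for instance over adb); the sample rows and the function names are constructed for illustration.

```python
import ipaddress

LISTEN = "0A"          # TCP state code for LISTEN in /proc/net/tcp
APP_UID_START = 10000  # Android gives installed apps UIDs from 10000 upward

# Constructed sample rows in /proc/net/tcp and /proc/net/tcp6 layout
# (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 20111
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 20345
   2: 6401A8C0:A1B2 0A01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 20350
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20400
   0: 00000000000000000000000000000000:0929 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10150        0 20500
"""

def decode_addr(hex_addr):
    """Decode a kernel hex address; each 32-bit word is in little-endian order."""
    raw = bytes.fromhex(hex_addr)
    fixed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    addr = ipaddress.ip_address(fixed)  # 4 bytes -> IPv4, 16 bytes -> IPv6
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped         # treat ::ffff:a.b.c.d as plain IPv4
    return addr

def exposed_listeners(table):
    """Return (ip, port, uid) for app-owned LISTEN sockets not bound to loopback."""
    found = []
    for line in table.splitlines():
        f = line.split()
        # Skip the header row, short rows and every state other than LISTEN.
        if len(f) < 8 or not f[0].endswith(":") or f[3] != LISTEN:
            continue
        host, port = f[1].split(":")
        addr, uid = decode_addr(host), int(f[7])
        if addr.is_loopback or uid < APP_UID_START:
            continue  # local-only socket, or owned by a system UID
        found.append((str(addr), int(port, 16), uid))
    return found

if __name__ == "__main__":
    for ip, port, uid in exposed_listeners(SAMPLE):
        print(f"uid {uid} still listening on {ip}:{port}")
```

A socket bound to 0.0.0.0 or :: accepts connections from any host that can reach the phone, which is why those rows are reported while the loopback listener is not.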
“Android users need to remain extra careful when using apps whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely without physically accessing it. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.
The developers fixed the bug as soon as the Michigan researchers notified them. However, the makers of the Wifi File Transfer app have so far failed to acknowledge the issue.
The full research paper details half a dozen more apps including PhonePal and Virtual USB that create a backdoor for hackers to exploit.
The researchers say that “the user and Google for that matter is quite helpless in this matter, and developers will have to do a lot of work on their end to make their services more safe. For now, it’s best for users to uninstall all mentioned apps.”