Open Ports Create Backdoors in Millions of SmartphonessteemCreated with Sketch.

in #technology7 years ago

From Bleeping Computer

Mobile applications that open ports on Android smartphones are opening those phones to remote hacking, claims a team of researchers from the University of Michigan.

Open ports are a well-known threat vector on servers, where administrators deploy security software with the primary purpose of shutting down or alerting the owner every time an unauthorized port is opened, or someone tries to connect to it.

The last place you'd expect to have problems with open ports is your smartphone, mainly because server and mobile operating systems have very few in common.

In reality, the Android OS, which was based on an early version of the Linux kernel, has inherited the same problem.

Research inspired by 2015 Baidu SDK flaw
Research on the mobile open port problem started after researchers read a Trend Micro report from 2015 about a vulnerability in the Baidu SDK, which opened a port on user devices, providing an attacker with a way to access the phone of a user who installed an app that used the Baidu SDK. That particular vulnerability affected over 100 million smartphones, but Baidu moved quickly to release an update.

Interested in assessing what other mobile applications open ports on users' devices, the research team got to work. The first step was to create a tool they later named OPAnalyzer.

They initially used this tool to scan over 100,000 Android applications and classify 99% of the apps into five distinct app families, based on how they used and what ports they opened. The categories were: data sharing, proxy, remote execution, VoIP call, and PhoneGap (apps based on the PhoneGap framework code signature).

In a second stage, researchers used the same OPAnalyzer tool to carry out extensive usage tests. They effort unearthed 410 vulnerable applications and 956 potential exploitation vectors.

Of these 410 apps, there were many that had between 10 and 50 million downloads on the official Google Play Store and even an app that came pre-installed on an OEMs smartphones.

Read more: https://www.bleepingcomputer.com/news/security/open-ports-create-backdoors-in-millions-of-smartphones/
Follow @contentjunkie to stay up to date on more great posts like this one.

#news #android #security #life
7 years ago in #technology by
$0.44
  • Past Payouts $0.44, 0.00 TRX
  • - Author $0.38, 0.00 TRX
  • - Curators $0.06, 0.00 TRX
89 votes
Reply 1
Sort:  
  • Trending
    • [-]
     7 years ago 

    This post has been ranked within the top 50 most undervalued posts in the first half of Apr 29. We estimate that this post is undervalued by $2.64 as compared to a scenario in which every voter had an equal say.

    See the full rankings and details in The Daily Tribune: Apr 29 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.

    If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.20
      TRX 0.13
      JST 0.030
      BTC 64364.24
      ETH 3416.30
      USDT 1.00
      SBD 2.48