A team of researchers from the University of Michigan discovered that hundreds of applications in Google Play Store have a security hole that could allow hackers to steal data from and inject malware on millions of Android smartphones.
The actual issue lies within apps that create open ports, that are not properly closed. It is a known problem with computers and smartphones.
This issue has nothing to do with Android OS or the handset; instead, the origin of this so-called back-door is due to insecure coding practices by various app developers. Android App developers are constantly growing over the years, as it is the most used mobile OS platform.
What makes it dangerous?
There are 65636 ports in any system that is connected to internet. If the ports are not closed, then attackers can enter via these ports and steal users data. They can also inject malware into the system and execute them. It’ll be easier to access photos, media files and even use messaging and phone services.
The team used its custom tool to scan over 100,000 Android applications and found 410 potentially vulnerable applications – many of which have been downloaded between 10 and 50 Million times and at least one app comes pre-installed on Android smartphones.
To get an initial estimate on the impact of these vulnerabilities, the team performed a port scanning in its campus network, and within 2 minutes it found a number of mobile devices potentially using these vulnerable apps.
They manually confirmed the vulnerabilities for 57 applications, including popular mobile apps with 10 to 50 million downloads from official app marketplaces, and also an app that is pre-installed on a series of devices from one manufacturer.
No doubt, an open port is an attack surface, but it should be noted that port opened by an application can not be exploited until a vulnerability exists in the application, like improper authentication, remote code execution or buffer overflow flaws.
Besides this, an attacker must have the IP address of the vulnerable device, exposed over the Internet. But getting a list of vulnerable devices is not a big deal today, where anyone can buy a cheap cloud service to scan the whole Internet within few hours.
These vulnerabilities can be exploited to cause highly-severe damage to users like remotely stealing contacts, photos, and even security credentials, and also performing sensitive actions such as malware installation and malicious code execution.
Almost 81.7% of the newly sold devices use Android as their platform. Those applications that pose a threat can be removed by un-installing it. If the app is un-installed, then it will no longer pose the threat. But then, many apps would have to be removed from the mobile. The best choice is that we use a Firewall.
NoRoot Firewall is one of the good firewalls to be used in android platform. It blocks every application installed in the mobile from using the internet, if options are set. It can also block certain apps from accessing the listed addresses and ports.