All is not well in Google Play.
A group of researchers has determined that hundreds of apps in the store have a gaping security hole that potentially allows hackers to implant malware and steal data from millions of Android smartphones.
According to a paper detailing the alleged flaw, the problem lies within apps that create open ports on cellphones. This is a known and understood problem with computers, but hasn't before been systematically studied in smartphones. The University of Michigan team used a custom tool to scan 24,000 apps and found 410 potentially vulnerable applications — at least one of which has been downloaded millions of times.
"These newly discovered exploits can lead to a large number of severe security and privacy breaches," the group explains. "For example remotely stealing sensitive data such as contacts, photos, and even security credentials and performing malicious actions such as executing arbitrary code and installing malware remotely."
The main problem appears to be with apps like WiFi File Transfer, which lets users connect to a port on their phone via Wi-Fi and access its contents. The apps make it easy to transfer files from a phone to a computer, but because of insufficient security the ability to do so is apparently not limited to merely the device's owner.
WiFi File Transfer has been installed between 10 million and 50 million times, meaning this problem is not just theoretical — a fact the University of Michigan researchers didn't have to look far to confirm.
"To get an initial estimate on the impact of these vulnerabilities in the wild, we performed a port scanning in our campus network, and immediately found a number of mobile devices in 2 minutes which were potentially using these vulnerable apps."
The researchers manually confirmed that 57 of the 410 apps were indeed vulnerable, and demonstrated various attacks in a series of videos showing how the "app opens ports by default and no client authentication or incoming connection notifications are engaged, which put the device user into severe danger."
The apps appear to leave the security barn door wide open, in other words, and malicious actors can stroll right in.
We reached out to Google for comment, but received no response as of publication.
The good news is that there is an easy fix if you have one of these potentially vulnerable applications: Uninstall it. Unfortunately, unless the problem is systematically addressed, this is a vulnerability that will be with us for a long time to come.
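To find out which installed apps are holding a port open to the network, a device owner or administrator can audit the kernel's socket table. The following is an added example, not code from the researchers or from any app named above: it parses text in the Linux `/proc/net/tcp` format and lists TCP listeners bound to a non-loopback address, marking those owned by an app UID. The sample table is constructed, and the function names are illustrative.

```python
import socket
import struct

TCP_LISTEN = 0x0A        # kernel TCP state value for LISTEN
FIRST_APP_UID = 10000    # Android gives installed apps UIDs from 10000 up

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 41002 1 0000000000000000 100 0 0 10 0
   2: 6401A8C0:A2F4 0A01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 41003 1 0000000000000000 100 0 0 10 0
   3: 00000000:14E9 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41004 1 0000000000000000 100 0 0 10 0
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted IPv4, port)."""
    addr_hex, port_hex = field.split(":")
    # The address is printed as a 32-bit word in host byte order; on the
    # little-endian CPUs phones use, repacking it as '<I' restores the octets.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def exposed_listeners(proc_net_tcp):
    """Return LISTEN sockets that other hosts on the network can reach."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue                                # not a listening socket
        ip, port = decode_endpoint(cols[1])
        if ip.startswith("127."):
            continue                                # loopback only, not remote
        uid = int(cols[7])
        findings.append({"ip": ip, "port": port, "uid": uid,
                         "app": uid >= FIRST_APP_UID})
    return findings


if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE):
        owner = "app" if f["app"] else "system"
        print(f"{f['ip']}:{f['port']} held open by {owner} uid {f['uid']}")
```

This covers the IPv4 table only; sockets bound through IPv6 appear in `/proc/net/tcp6`, which uses longer addresses and is not parsed here. A listener on `0.0.0.0` owned by an app UID is the case to investigate first, since it accepts connections from any host that can reach the phone.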
Copyright © 2025 Powered by 【India Archives】,Wisdom Convergence Information Network