According to a paper detailing the critical flaw, the problem lies within apps that create open ports on mobilephones. This is a known and understood problem with computers, but hasn’t before been consistently studied in smartphones. The University of Michigan team used a custom tool to scan 24,000 apps and found 410 potentially vulnerable applications — at least one of which has been downloaded millions of times.
These newly discovered exploits can lead to a large number of severe security and privacy breaches,” the group explains. “For example remotely stealing sensitive data such as contacts, photos, and even security credentials and performing malicious actions such as executing arbitrary code and installing malware remotely
The main problem appears to be with apps like WiFi File Transfer, which lets users connect to a port on their phone via Wi-Fi and access its contents. The apps make it easy to transfer files from a phone to a computer, but because of insufficient security the ability to do so is apparently not limited to merely the device’s owne
WiFi File Transfer has been installed between 10 million and 50 million times, meaning this problem is not just theoretical — a fact the University of Michigan researchers didn’t have to look far to confirm.
“To get an initial estimate on the impact of these vulnerabilities in the wild, we performed a port scanning in our campus network, and immediately found a number of mobile devices in 2 minutes which were potentially using these vulnerable apps.”
The apps appear to leave the security barn door wide open, in other words, and malicious actors can stroll right in.
We reached out to Google for comment, but received no response as of publication
The good news is that there is an easy fix if you have one of these potentially vulnerable applications: Uninstall it. Unfortunately, unless the problem is systematically addressed, this is a vulnerability that will be with us for a long time to come.
NYU student went undercover as a worker in a Chinese iPhone factory