Yet another news article from me this time around, but about a totally different topic compared to last time.
I just read an article about what will follow now and I think this is more than just mentionable.
According to several news reports from 2015, there are currently 1.4 billion active Android devices around the world.
With this many devices, a single discovered vulnerability can obviously affect a huge number of them.
History lesson from 2015
This was observed in late 2015. Over 100 million Android devices were at risk due to a 'back-door like feature' found in an SDK called Moplus distributed by Baidu.
For people who don't know that name, it's basically the Chinese equivalent of Google Search.
An SDK brings a lot of features and tools whose behavior a developer has little or no influence over.
In this case, a finished app automatically installed and launched a web server on the device that did not implement any authentication method, so it accepts requests from any source and thus readily provides backdoor functionality.
As a result, one can write specific malware which, for example, automatically and periodically deploys unauthorised applications.
If someone wants to read more about this vulnerability, here's the link
This time around it's basically a follow-up on the past Baidu disaster. It's not about a single SDK vulnerability but about app developers and app development in general, because a lot of apps are developed carelessly and without much thought about security.
So what is it about?
A research team designed and implemented a tool which can effectively identify and characterize vulnerable open port usage in Android apps.
Using OPAnalyzer, they performed extensive usage and vulnerability analyses on a dataset with over 100,000 Android applications.
OPAnalyzer successfully classified 99% of the mobile usage of open ports into five distinct families, and from the output, the researchers were able to identify several mobile-specific usage scenarios, such as data sharing in physical proximity.
What does that mean?
In the end, nearly half of the open port usage in the investigated apps is unprotected and could be exploited remotely.
- 410 vulnerable apps identified
- about 1000 potential working exploits for those apps
- includes popular apps with 10 - 50 million downloads from the app store / pre-installed apps on certain devices
These vulnerabilities are mostly inherited from the various ways open ports are used, which in the end expose unprotected sensitive functionality of the apps to anyone from anywhere (that is, anyone who can reach and send requests to one of those ports).
This widespread vulnerability in the software that runs on mobile devices could allow attackers to steal contact information, security credentials, photos, and other sensitive data, and also to install malware and to perform malicious code execution which could be used in large-scale attacks.
Luckily, it was found through research and made public this way, instead of through another global malware infection.
NOTE: In this threat model, an attacker can sit on the LAN or the Internet and send packets, or simply trick the user into clicking a URL on his/her phone. No malware needed in theory!
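A defender-side check for the open-port exposure described above, as an added example that is not from the original post or from OPAnalyzer: it parses a Linux `/proc/net/tcp` table, assumed here to have been copied off the Android device (for example over adb), and lists the listening sockets owned by app UIDs. The sample table, UIDs and ports are constructed, and only IPv4 sockets are covered.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp format (assumed copied from the device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40111 1
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 40112 1
   2: 0501A8C0:A1B2 2E0FD9AC:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40113 1
   3: 0100007F:1538 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 40114 1
"""

TCP_LISTEN = 0x0A                          # kernel state value for LISTEN
APP_ID_FIRST, APP_ID_LAST = 10000, 19999   # Android app-ID range for installed apps
PER_USER_RANGE = 100000                    # uid = android_user * 100000 + app_id


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (ip, port); the IPv4 word is little-endian."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_app_ports(proc_net_tcp):
    """Return one dict per listening IPv4 TCP socket owned by an app UID."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:        # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue                                   # not a listening socket
        uid = int(cols[7])
        user, app_id = divmod(uid, PER_USER_RANGE)
        if not APP_ID_FIRST <= app_id <= APP_ID_LAST:
            continue                                   # system or shell daemon, not an app
        ip, port = decode_addr(cols[1])
        # Loopback sockets are unreachable from the LAN but still reachable on-device.
        local_only = ipaddress.ip_address(ip).is_loopback
        findings.append({"uid": uid, "user": "u%d_a%d" % (user, app_id - APP_ID_FIRST),
                         "ip": ip, "port": port,
                         "exposure": "on-device only" if local_only else "network-reachable"})
    return findings


if __name__ == "__main__":
    for f in listening_app_ports(SAMPLE):
        print("{user} (uid {uid}) listens on {ip}:{port} -> {exposure}".format(**f))
```

Each `u0_aNN` name in the output can then be matched to its owning package on the device, and any `network-reachable` entry reviewed for whether the port needs to be open at all.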
Demo and paper
Demos for said vulnerability can be found here
The publication in form of a paper can be found here
For people who wanna discuss it, here's the time and place for it.
- What phone and more importantly what mobile OS are you using?
- Do you have any installed mechanism to prevent/detect security breaches on there?
- 'No goes' or 'must installs' on a fresh OS?