Millions of Android Devices Vulnerable to Network Scan Attack

The Researchers have recently found hundreds of vulnerable apps on the Google Play Store that are allowing the hackers to inject with malicious code which, on downloading, steals all the data from the infected Android device.

This problem, according to these researchers [PDF] is some of apps are creating the open ports on the smartphones, this is not a new problem since the same issue is faced by many computers but this is something new when it comes to the smartphone technology.

A team from University of Michigan tried to use a custom tool to scan more than 24,000 applications, and nearly 410 of them are found to be flawed. These apps are downloaded​quite often so they are potentially millions of the Android devices which are now vulnerable.

Researchers also stated the following: – “The newly discovered exploits can lead to a very large number of very severe privacy and security breaches. For example, stealing sensitive data remotely like photos, contacts, and even security credentials and then performing some malicious actions like executing arbitrary code and then installing malware remotely.”

The biggest problem here lies with apps which are used for the file transfer between computers and smartphones through the WiFi. This flawed security is allowing for more than just the owner of the device to access the transfer and the devices themselves. Further, apps that allow services such as WiFi File Transfer, are estimated to have  downloads between 10 and 50 million times. When this Michigan team decided to scan their campus network to determine how many of the devices can be found in this flaw; just in 2 minutes they are able to find a number of vulnerable devices.

“To get an initial estimate on the impact of these vulnerabilities in the wild, we performed a port scanning in our campus network, and immediately found a number of mobile devices in 2 minutes which were potentially using these vulnerable apps,” according to the team.

Related posts

Microsoft To Add Passkey Support With Windows 11

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites