Slashdot Mirror


Open Ports Create Backdoors In Millions of Smartphones (bleepingcomputer.com)

An anonymous reader writes: "Mobile applications that open ports on Android smartphones are opening those devices to remote hacking, claims a team of researchers from the University of Michigan," reports Bleeping Computer. Researchers say they've identified 410 popular mobile apps that open ports on people's smartphones. They claim that an attacker could connect to these ports, which in turn grant access to various phone features, such as photos, contacts, the camera, and more. This access could be leveraged to steal photos, contacts, or execute commands on the target's phone. Researchers recorded various demos to prove their attacks. Of these 410 apps, there were many that had between 10 and 50 million downloads on the official Google Play Store and even an app that came pre-installed on an OEM's smartphones. "Research on the mobile open port problem started after researchers read a Trend Micro report from 2015 about a vulnerability in the Baidu SDK, which opened a port on user devices, providing an attacker with a way to access the phone of a user who installed an app that used the Baidu SDK," reports Bleeping Computer. "That particular vulnerability affected over 100 million smartphones, but Baidu moved quickly to release an update. The paper detailing the team's work is entitled Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications, and was presented Wednesday, April 26, at the 2nd IEEE European Symposium on Security and Privacy that took place this week in Paris, France."

16 of 122 comments

  1. List of Problematic Apps? by SmilingBoy · · Score: 3, Informative

    Is there a list of the problematic apps that they found? Their paper - which can be found here: http://web.eecs.umich.edu/~jac... - lists a few examples, but it would be useful to know the full list.

    1. Re:List of Problematic Apps? by nyet · · Score: 2

      This is exactly what netstat -l is good for.

      https://play.google.com/store/...

      Granted, if it is a transient listen(), netstat -l won't catch it (e.g. something is required to trigger the listen), but long lived, persistent listen()s will show up.
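
Added example, not part of the comment above or of the linked paper: the check `netstat -l` performs, written as a Python parser for the text of `/proc/net/tcp`. It lists LISTEN sockets, flags those owned by app UIDs and bound to a non-loopback address, and diffs two snapshots to catch the transient `listen()` case. The sample table is constructed and the function names are this example's own; it assumes IPv4 and a little-endian device.

```python
import socket

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:A7F1 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41001 1
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 41002 1
   2: 0A01A8C0:9C40 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 41003 1
   3: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41004 1
"""

TCP_LISTEN = "0A"       # kernel state code for LISTEN
FIRST_APP_UID = 10000   # Android gives installed apps UIDs from 10000 upward

def listeners(proc_net_tcp):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:        # skip the header row
        f = line.split()
        if len(f) < 8 or f[3] != TCP_LISTEN:
            continue                                  # malformed or not listening
        ip_hex, port_hex = f[1].split(":")
        # The address is a host-order (little-endian) 32-bit value printed as hex.
        ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
        found.append((ip, int(port_hex, 16), int(f[7])))
    return found

def exposed_app_listeners(proc_net_tcp):
    """Listeners owned by app UIDs that are not bound to loopback only."""
    return [l for l in listeners(proc_net_tcp)
            if l[2] >= FIRST_APP_UID and not l[0].startswith("127.")]

def new_listeners(before, after):
    """Listeners seen only in the later snapshot; poll to catch short-lived ones."""
    return sorted(set(listeners(after)) - set(listeners(before)))

if __name__ == "__main__":
    for ip, port, uid in exposed_app_listeners(SAMPLE_PROC_NET_TCP):
        print(f"uid {uid} listens on {ip}:{port}")
```

IPv6 listeners live in `/proc/net/tcp6` with a different address width and are not covered here.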

    2. Re: List of Problematic Apps? by jouassou · · Score: 3, Interesting

      I also don't store contact information in my phone.

      So your phone doesn't know your phone number? Your email? Your Gmail / Facebook / WhatsApp account? Your mom's phone number? Your colleagues' email addresses? Login cookies for any websites such as Amazon or eBay? WiFi password for your home network, which can be geographically located thanks to Google's positioning system? Text messages where someone casually mentions your name? If you answered yes to any of the above, a sufficiently determined attacker can probably figure out who you are. If you answered no to everything, why do you have a smartphone in the first place?

  2. No mention of Apple or iOS by divide+overflow · · Score: 2

    I searched the PDF of the paper and found no mention of either Apple or iOS, but Android and Java are mentioned multiple times.

  3. ES File Explorer by drinkypoo · · Score: 5, Informative

    ES File Explorer is apparently the poster child.

    I am now using Solid Explorer, which is just as good in all the other ways.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Open ports by nyet · · Score: 4, Informative

    Can you suggest a reason why a smartphone application should listen on a port without you knowing it?

  5. Backdoors on millions of devices by dknj · · Score: 4, Interesting

    How many people root their Android device? Has anyone looked into SuperSU and how the simple su binary works? Nope.

    The su binary that is passed around for all rooted Android distros has no source. It is maintained by a random person with financial motivation to not be conservative with your privacy or security.

    I don't think Android users really care about backdoors, to be honest.

  6. firewall by MrKaos · · Score: 3, Insightful

    Of course the problem can be reduced if we were allowed to control a root level firewall on our android or iphone devices.

    But of course we are paying for phones so someone else can use them to suck data and use it to spy or advertise to me in a really creepy way. Pretty damn frustrating.

    --
    My ism, it's full of beliefs.
    1. Re:firewall by MrKaos · · Score: 2

      I had frequent debates with idiots who couldn't comprehend why personal firewalls were fucking stupid.

      It's hard to understand why if you don't explain yourself.

      Just close the fucking ports

      Should have told them to pull out the ethernet cable, hey why not just drop network support altogether.

      But maybe you have something to offer, so why don't you enlighten me?

      --
      My ism, it's full of beliefs.
  7. Re:Open ports by nyet · · Score: 4, Informative

    BTW that is absolutely false. While an already open (and active) point to point connection is relatively hard to compromise, an application that is listen()ing on a port can be compelled to accept data from any source, at will, and repeatedly.

    This makes buffer overflow (or other remote exploits) attacks trivial to both test and execute successfully.

  8. Re:Open ports by gweihir · · Score: 2

    Indeed. Methinks some people here do not understand the difference between a listening port and a port used in an active connection.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  9. Re:Open ports by Kokuyo · · Score: 3, Informative

    Well, if my flashlight app wants to open a listening port on the network, that in and of itself seems fishy to me. Furthermore, the more services are listening for connections, the higher the chance that one of them is badly coded and will allow an attacker to get access to my data.

  10. Re:Dangerous comment by swb · · Score: 2

    I wonder if a possible explanation is just sloppy coding by app programmers, cutting and pasting huge swaths of code, libraries, etc, that they don't understand to get one function.

    Even the *programmer* doesn't know what ports their cut-and-pasted code is opening.

  11. Re:Open ports by drinkypoo · · Score: 2

    Open ports are not by themselves a security risk.

    Not by themselves, but there's no such thing as an open port by itself. We're obviously talking about listening, so we need not discuss ports opened outward, although there are definitely ways to compromise an application in reverse, so opening a TCP connection outward is an opportunity for an incoming attack, if you connect to a host which is malicious (whether inherently, or because it has been compromised.) But at minimum, listening ports provide an opportunity to attack the networking stack of the device, and the application (or daemon, etc etc.) which opened the port. So yes, open ports absolutely do increase your security risk. If there are zero open ports on the device, then the only parts of the networking subsystem with which you interface are the network interface and its driver, which means there's less opportunity to exploit a vulnerability.

    Saying open ports are not a security risk is like saying that open windows are not a security risk. What? Of course they are.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  12. Android and apps: redux by hughbar · · Score: 2

    This was my most recent comment on Android and 'apps': https://slashdot.org/comments..... With this, I see no reason to change my mind. There's some reason we close all the ports we can and create solid firewall rules, isn't there?

    I'm going to try this next: https://jolla.com/about/ but I'm not at all convinced that it's better.

    --
    On y va, qui mal y pense!
  13. Re:Open ports by CanadianRealist · · Score: 2

    Sure, the app maker may scrape all your data and send it to their server. How is it in any way better to then leave a port open so that anyone can try and compromise your device and grab a copy for themselves?