Open Porté

  • May 5, 2017
  • 3 min read

Are you an app addict or a beta tester? Then from now on you have to be more careful when downloading apps from the Google Play Store. Recently, researchers from the University of Michigan discovered that hundreds of applications in the Google Play Store have a security hole that allows attackers to steal user data from millions of smartphones. Worst of all, through this back door hackers can even implant malware on smartphones and use those phones for fraudulent activities.

According to the research team, the issue is caused by insecure coding by some developers when creating their apps. It opens a loophole for hackers to steal data via ports, such as FTP on smartphones and the USB port on PCs. To be clear, the problem is not with the smartphone's operating system or the handset; it lies with the open ports created through insecure coding.

To identify the problem within the apps, the research team designed a static analysis tool that identifies and characterises vulnerable open-port usage in Android applications. The team scanned around 100,000 Android applications and found 410 potentially vulnerable applications in the Play Store. The alarming part of this finding is that, among those 410 insecure applications, many have been downloaded by nearly 50 million users across the globe from the Play Store, and some of them come pre-installed on new smartphones.

As I said earlier, the back doors are created through invisible electronic ports, which allow an application to communicate with other services, such as the internet, whose primary service is at port 80. Every vulnerable application opens an unused port in the range 1 to 65535 as a virtual door to communicate and exchange data between devices.

For many years, applications on the market have used the network and the internet to work efficiently. At the same time, those applications and ports may have a weak link that allows attackers to hack and control the computer without the user's knowledge.

According to the research paper, the problem lies with apps like WiFi file transfer, which allow the user to transfer files to another device by connecting the user's smartphone to a port via WiFi. An insecure path of this kind may let local attackers hack into the device.

As an initial test, the research team performed a port scan of its campus network and, in 2 minutes, found a number of vulnerable app users on the campus network.

A researcher said, 'They manually confirmed the vulnerabilities for 57 applications, including popular mobile apps with 10 to 50 million downloads from official app marketplaces, and also an app that is pre-installed on a series of devices from one manufacturer. The vulnerabilities in these apps are generally inherited from the various usage of the open port, which exposes the unprotected sensitive functionalities of the apps to anyone from anywhere that can reach the open port.'

It is now clear that an open port in an application is more vulnerable than we think. Improper authentication, remote code execution and buffer overflow flaws were the vulnerabilities that exist in applications that have a vulnerable open port. Also, an affordable cloud service that scans the complete network will display the list of vulnerable devices exposed on the internet.

The team says that these vulnerabilities can be exploited to cause severe damage to users, such as remotely stealing contacts, photos and even security credentials, and performing sensitive actions such as malware installation and malicious code execution. The only viable solution is to uninstall the insecure apps that open insecure ports. Using an efficient firewall also helps to avoid these issues.
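To decide which apps to uninstall or firewall, a device owner first needs to know which installed apps are listening on a port that other hosts can reach. The sketch below is an added example, not the researchers' static analysis tool: it parses text in the Linux `/proc/net/tcp` layout (IPv4 only) and reports listening sockets owned by app UIDs and bound to a non-loopback address. The sample table is constructed, and the function names are illustrative.

```python
import ipaddress

TCP_LISTEN = 0x0A          # kernel state code for a listening socket
AID_APP_START = 10000      # Android assigns installed apps UIDs from here up

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41001
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 41002
   2: 6401A8C0:0815 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10140        0 41003
   3: 6401A8C0:A3F2 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10140        0 41004
   4: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41005
"""

def parse_listeners(proc_net_tcp):
    """Yield (ip, port, uid) for each IPv4 socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:          # skip header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a host-order hex word; on
        # little-endian devices the bytes must be reversed to read it.
        ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
        yield ip, int(port_hex, 16), int(fields[7])

def exposed_app_ports(proc_net_tcp):
    """Listeners owned by installed apps and reachable beyond loopback."""
    findings = []
    for ip, port, uid in parse_listeners(proc_net_tcp):
        # 0.0.0.0 means "all interfaces", so it is reachable over WiFi too.
        if uid >= AID_APP_START and not ip.is_loopback:
            findings.append({"uid": uid, "ip": str(ip), "port": port})
    return sorted(findings, key=lambda f: f["port"])

if __name__ == "__main__":
    for f in exposed_app_ports(SAMPLE):
        print(f"uid {f['uid']} listens on {f['ip']}:{f['port']}")
```

Each reported UID maps to one installed app, which is the candidate for removal or for a firewall rule blocking inbound connections to that port.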

© 2023 by "This Just In".