Off the wire
27 IS militants killed in airstrikes in western Iraq  • Gold registers 37 pct of Sudan's exports in 2016: ministry  • Burkina Faso's Nikiema wins 14th int'l cycling race of Benin  • Israel urges U.S. to transfer embassy to Jerusalem  • Libyan prime minister meets with elders  • Iraqi paramilitary forces continue new push to free IS-held border areas in west of Mosul  • Russia delivers 5 tonnes of humanitarian aid to Syria in past 24 hours: Defense Ministry  • 2nd LD: Exit polls show Merkel's CDU wins key German state election  • 1st LD: Exit polls show Merkel's CDU wins key German state election  • Americans remain divided on Trump's firing of FBI chief Comey: poll  
You are here:   Home

Smartphone security hole: "open port" backdoors: study

Xinhua, May 14, 2017 Adjust font size:

Latest study of the University of Michigan (UM) found that the "open ports" of an internet communication mechanism in mobile devices are much more vulnerable to security breaches than previously thought.

UM researchers have analyzed 24,000 popular mobiles apps to arrive at this finding, and posted the results on the website of UM.

The researchers found that open port backdoors could be exploited to steal private information such as contacts, security credentials and photos; to remotely control a device; to perform a denial of service attack; or to inject malicious code that could jumpstart widespread, virus-like attacks.

They have identified 410 apps with dangerous insecurities, and 956 different individual ways those insecurities could be exploited.

The vulnerability the researchers highlighted is most pronounced in Android apps that let users share data across devices and connect to their phones from their computers.

The researchers found that more than half of the usage of open ports in the apps they studied is unprotected, and the unprotected nature shows a general lack of awareness of the problem.

Investigating the fundamental causes behind this general vulnerability, the researchers found that it is exposed by popular ways open ports are used in the smartphone ecosystem, rather than poor implementation of apps.

Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. It is safe in traditional computers because computers' Internet Protocol addresses don't change.

The researchers have identified certain steps app developers can take to mitigate the vulnerability, and reported the vulnerabilities to affected app developers.

Smartphones also use open ports to receive certain types of information. But because of the way mobile networks are structured, phones' IP addresses can change as they move through the world. This and other factors relating to mobile architecture lead to these vulnerabilities, the researchers say. Endit