Can Hackers get access to your phones via backdoor?
By MYBRANDBOOK
Researchers of cybersecurity have discovered that a large number of mobile phone applications contain hard coded 'backdoor secrets' that allow hackers to access private data or block content provided by users.
“The research claims that the apps on mobile phones might have hidden or harmful behaviours about which end users know little to nothing," said study author Zhiqiang Lin from the Ohio State University in the US.
"Typically, mobile apps engage with users by processing and responding to user input. For instance, users often need to type certain words or sentences or click buttons and slide screens. Those input prompt an app to perform different actions," Lin added.
For this study, the team evaluated 150,000 apps. They selected the top 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones.
They discovered that 12,706 of those apps, about 8.5%, contained something the research team labelled "backdoor secrets" - hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users.
They also found that some apps have built-in "master passwords," which allow anyone with that password to access the app and any private data contained within it. And some apps, they found, had secret access keys that could trigger hidden options, including bypassing payment.
"Both users and developers are all at risk if a bad guy has obtained these 'backdoor secrets,'. In fact, motivated attackers could reverse engineer the mobile apps to discover them," Lin said. According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. "A key reason why mobile apps contain these 'backdoor secrets' is because developers misplaced the trust," said study lead author Qingchuan Zhao.
To truly secure their apps developers need to perform security-relevant user-input validations and push their secrets on the backend servers. In addition, the research team have developed an open-source tool, named InputScope, to help developers understand weaknesses in their apps and to demonstrate that the reverse engineering process can be fully automated. The study was accepted for publication by the 2020 IEEE Symposium on Security and Privacy in May. The conference has been moved online because of the global coronavirus (COVID-19) outbreak.
BREAKING NEWS
TECHNO TRENDS
Legal Battle Over IT Act Intensifies Amid Musk’s India Plans
The outcome of the legal dispute between X Corp and the Indian government c...
Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth
The agreement, executed through Wipro and its 100% subsidiary,...
Centre announces that DPDP Rules nearing Finalisation by April
The government seeks to refine the rules for robust data protection, ensuri...
Home Ministry cracks down on PoS agents in digital arrest scam
Digital arrest scams are a growing cybercrime where victims are coerced or ...
E-Magazine
TECHNOTAINMENT
Hrithik Roshan to endorse RuPay as Brand Ambassador
RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha
India Today Group launches – AI Pop Stars
Staying true to our industry leadership position in using cutting-edge tech
MOVERS & SHAKERS
TelioLabs ropes in Phaniraj V A as the Group CEO
TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE
Wipro Appoints Amit Kumar as Managing Partner and Global Head
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s
OPEN YOUR EYES
INTERVIEWS
Alpha Max offers high end solutions in the network space to en
The vision at Alpha Max is to attain quality as the trademark and create a
Autodesk continually pushing the boundaries in the Design and
Autodesk’s vision is of a better world designed and made for all. It inte
HOT PICK
MSI Announces the availability of RTX 50 series of laptops in
MSI, the innovative computing manufacturer in gaming, creator
Nothing Phone (3a) goes on sale today, starting at Rs 19,999
The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t
MAKE IN INDIA BRANDS
SECUREYE SERVICES PVT. LTD.
INFOSYS TECHNOLOGIES PVT. LTD.
SAMRIDDHI AUTOMATIONS PVT. LTD.
FRESHWORKS TECHNOLOGIES PVT. LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
ICONS OF INDIA : SOM SATSANGI
With more than three decades in the IT Sector, Som is responsible for ...
Icons Of India : Dr. Sanjay Bahl
Dr. Sanjay Bahl has around four decades of experience in the ICT indus...
Icons Of India : Anil Agarwal
Anil Agarwal, the Founder and Chairman of Vedanta Resources Ltd., is r...
PARTNER SPEAKERS
PSU
ITI - ITI LimitedÂ
ITI Limited is a leading provider of telecommunications equipment, sol...
HPCL - Hindustan Petroleum Corporation Ltd. Â
HPCL is an integrated oil and gas company involved in refining, market...
IREDA - Indian Renewable Energy Development Agency LimitedÂ
IREDA is a specialized financial institution in India that facilitates...
VIDEOS
Top 25 Brands
Global Indian industry
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...
Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi
Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporationâ€...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...
ITFORUM 2025
CMO of the Year
WOMEN LEADERSHIP
IMAGE GALLERY
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
of images belongs to the respective copyright holders
