Can Hackers get access to your phones via backdoor?
By MYBRANDBOOK
Researchers of cybersecurity have discovered that a large number of mobile phone applications contain hard coded 'backdoor secrets' that allow hackers to access private data or block content provided by users.
“The research claims that the apps on mobile phones might have hidden or harmful behaviours about which end users know little to nothing," said study author Zhiqiang Lin from the Ohio State University in the US.
"Typically, mobile apps engage with users by processing and responding to user input. For instance, users often need to type certain words or sentences or click buttons and slide screens. Those input prompt an app to perform different actions," Lin added.
For this study, the team evaluated 150,000 apps. They selected the top 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones.
They discovered that 12,706 of those apps, about 8.5%, contained something the research team labelled "backdoor secrets" - hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users.
They also found that some apps have built-in "master passwords," which allow anyone with that password to access the app and any private data contained within it. And some apps, they found, had secret access keys that could trigger hidden options, including bypassing payment.
"Both users and developers are all at risk if a bad guy has obtained these 'backdoor secrets,'. In fact, motivated attackers could reverse engineer the mobile apps to discover them," Lin said. According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. "A key reason why mobile apps contain these 'backdoor secrets' is because developers misplaced the trust," said study lead author Qingchuan Zhao.
To truly secure their apps developers need to perform security-relevant user-input validations and push their secrets on the backend servers. In addition, the research team have developed an open-source tool, named InputScope, to help developers understand weaknesses in their apps and to demonstrate that the reverse engineering process can be fully automated. The study was accepted for publication by the 2020 IEEE Symposium on Security and Privacy in May. The conference has been moved online because of the global coronavirus (COVID-19) outbreak.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
RELIANCE JIO INFOCOMM LTD.
TAC SECURITY SOLUTIONS
BHARAT ELECTRONICS LTD.
DIGISOL SYSTEMS LTD.
Technology Icons Of India 2023: Kumar Mangalam Birla
Aditya Birla Group chairman Kumar Mangalam Birla’s return to Vodafon...
Technology Icons Of India 2023: Honorary Prof. N. Balakrishnan
Prof. N. Balakrishnan is an Indian aerospace and computer scientist. H...
Technology Icons Of India 2023: B.V.R. Subrahmanyam
B.V.R. Subrahmanyam belongs to Andhra Pradesh. He is a 1987-batch IAS ...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
ITI Limited widening its focus area
ITI Limited is a public sector undertaking company, has manufacturing ...
RailTel connecting every corner of India
RailTel is an ICT provider and one of the largest neutral telecom infr...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
IVALUE INFOSOLUTIONS PVT. LTD.
: iValue Info Solutions is a value added distributor, provides solutio...