Wired wrote: For hackers, scanning for an open “port”—a responsive, potentially vulnerable internet connection on a would-be victim’s machine—has long been one of the most basic ways to gain a foothold in a target company or agency. As it turns out, thanks to a few popular but rarely studied apps, plenty of smartphones have open ports, too. And those little-considered connections can just as easily give hackers access to tens of millions of Android devices.
A group of researchers from the University of Michigan identified hundreds of applications in Google Play that perform an unexpected trick: By essentially turning a phone into a server, they allow the owner to connect to that phone directly from their PC, just as they would to a web site or another internet service. But dozens of these apps leave open insecure ports on those smartphones. That could allow attackers to steal data, including contacts or photos, or even to install malware.
“Android has inherited this open port functionality from traditional computers, and many applications use open ports in a way that poses vulnerabilities,” says Yunhan Jia, one of the Michigan researchers who reported their findings at the IEEE European Symposium on Security and Privacy. “If one of these vulnerable open port apps is installed, your phone can be fully taken control of by attackers.”
Please let us know your comments here!