App Flaw Leads to Hacker’s Dream: Back Doors in Smartphones

Hackers scan for open “ports” on a regular basis and the defenseless internet connection on a potential victim’s device could be the way a cyber criminal gets to work. And according to Wired, smartphones have open ports as well due to certain apps, which may end up being the reason a hacker gains access to an Android phone, and ultimately your corporate data.

Several University of Michigan researchers reportedly found hundreds of applications in the Google Play store that do something most wouldn’t predict. These apps basically turn devices into servers and enables a user to connect to a phone from a PC. However, by doing that a user is then allowing the app to leave an open port behind along with the chance for an attacker to make a move. A hacker could use that port to steal data or install malware.

“Android has inherited this open port functionality from traditional computers, and many applications use open ports in a way that poses vulnerabilities,” Yunhan Jia, one of the Michigan researchers, told Wired. “If one of these vulnerable open port apps is installed, your phone can be fully taken control of by attackers.”

The group of researchers produced a software tool to help learn more about the problem as a whole: the OPAnalyzer or Open Port Analyzer. The tool is used to scan app codes in the Google Play app store. The researchers found that 1,632 applications left open ports behind on smartphones, and about 410 of those were found to have weak or no protection. Approximately 57 of those were manually analyzed and it was confirmed that they left ports open and ready for any hacker.

It’s possible that there are more exploits out there, Zhiyun Qian, a computer scientist at the University of California at Riverside, told Wired.

“When a phone’s IP address is publicly visible on the internet—a situation that depends on whether the phone is connected to Wi-Fi and the user’s carrier—the attacker can simply scan for open ports from anywhere, and start attacking that vulnerable phone,” Wired reported.

What this means is that it’s more important than ever to have the right tools in place to protect your corporate data. Take a look at our Mobility Management Buyer’s Guide to find a solution for your potential security problem.