Due to various backdoor functionalities in many apps, attackers could attack Android devices from afar with serious consequences.
Academics from The Ohio State University and the CISPA – Helmholtz Center for Information Security have analyzed 150,000 Android apps for backdoors, and some of the results are hair-raising. In some cases, attackers could gain full control over smartphones with comparatively little effort.
The researchers have kept the names of the examined apps secret for security reasons. According to their own information, the respective providers have been notified.
The scientists claim to have analyzed the 100,000 most popular apps on Google Play. A further 20,000 apps come from third-party app stores and 30,000 are preinstalled on Samsung devices. In Google's official app store, they came across 6800 apps with backdoor functions. On Samsung devices, this was the case with 4800 preinstalled apps.
Undocumented remote access
According to the academics, 12,706 of the tested apps have backdoor functionalities. They used the specially developed InputScope tool for their analyses. In doing so, they analyzed, among other things, the apps' input fields.
In some cases, known passwords can be entered in debug menus there, where attackers could do dangerous things. For example, the researchers came across secret access keys, master passwords and secret commands. Overall, they rate the results as "worrying".
In a widely used remote maintenance app with 10 million installations, they discovered a master password that attackers could use to gain access to the device, even if the owner of a lost device had blocked it.
With a special access key in a screen locker app with 5 million installations, attackers could reset passwords of smartphone owners and thus unlock the device. These are just a few selected cases. Further information can be found in the results of the study.