A group of security researchers from the University of Michigan (Yunhan Jack Jia, Qi Alfred Chen, Yikai Lin, Chao Kong, and Prof. Z. Morley Mao) discovered a security hole in hundreds of applications in the Google Play Store that could be exploited by hackers to steal data from, and even deliver malicious code to, millions of Android devices.
The issue affects all applications that open ports and don't properly manage them due to insecure coding practices of the development teams. Mobile applications usually open ports to communicate with other entities, for example to exchange data with a web service. These ports are a potential entry point for hackers in the presence of a vulnerability such as an authentication flaw, a buffer overflow, or a remote code execution issue.
The researchers devised a tool called OPAnalyzer, used it to scan more than 100,000 Android applications, and discovered 410 potentially vulnerable applications. The potential impact of the issue is severe because the applications have been downloaded between 10 and 50 million times and at least one mobile app comes pre-installed on Android smartphones.
“From the identified vulnerable usage, we discover 410 vulnerable applications with 956 potential exploits in total. We manually confirmed the vulnerabilities for 57 applications, including popular ones with 10 to 50 million downloads on the official market, and also an app that is pre-installed on some device models,” reads the research paper (“Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications”) published by the experts. “These vulnerabilities can be exploited to cause highly-severe damage such as remotely stealing contacts, photos, and even security credentials, and also performing sensitive actions such as malware installation and malicious code execution.”
The most common issue is related to apps like WiFi File Transfer, which allow users to connect to a port on their smartphone via Wi-Fi in order to transfer files from a mobile device to a computer. However, applications like WiFi File Transfer require attackers to share the same network as the target. This means that only users accessing a public Wi-Fi network or a compromised private network are at risk.
Initially, the researchers ran a port scan on their campus network, and in just 2 minutes they found a large number of potentially exposed devices.
The researchers published several PoC videos for a number of attack scenarios.
The researchers concluded that the best way to protect mobile devices from open port attacks is to uninstall the mobile apps that open insecure ports or, as an alternative, to protect these applications behind a firewall.
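To act on that advice, a device owner first has to know which installed apps hold listening ports that other hosts on the network can reach. The sketch below is an added example, not the researchers' OPAnalyzer or any code from the paper. It parses text in the Linux `/proc/net/tcp` and `/proc/net/tcp6` format and reports listening sockets that belong to an app UID and are not bound to loopback. The sample lines are constructed, and the little-endian address decoding assumes a little-endian device.

```python
import ipaddress

LISTEN = "0A"          # TCP state code for LISTEN in /proc/net/tcp
AID_APP_START = 10000  # Android assigns installed apps UIDs from 10000 upward

# Constructed sample of /proc/net/tcp and /proc/net/tcp6 lines (not from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 40111
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10142        0 40222
   2: 0A01A8C0:9C40 0B01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10142        0 40333
   3: 00000000000000000000000000000000:0929 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10150        0 40444
   4: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40555
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address: each 32-bit word is stored little-endian."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def exposed_listeners(proc_net_text):
    """Return (uid, ip, port) for app-owned sockets listening on a non-loopback address."""
    found = []
    for line in proc_net_text.splitlines():
        fields = line.split()
        # Skip the header, malformed lines, and sockets that are not in LISTEN state.
        if len(fields) < 8 or not fields[0].endswith(":") or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        ip, uid = decode_addr(addr_hex), int(fields[7])
        if uid >= AID_APP_START and not ip.is_loopback:
            found.append((uid, str(ip), int(port_hex, 16)))
    return found

if __name__ == "__main__":
    for uid, ip, port in exposed_listeners(SAMPLE):
        print(f"uid {uid} listens on {ip}:{port} (reachable from the local network)")
```

Each reported UID can then be matched to its package name, and the app removed or firewalled if the open port is not needed.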
(Security Affairs – open port attack, mobile)