Never miss a story

Get subscribed to our newsletter


×
According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. Pixabay

Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users.

“The study’s findings: that the apps on mobile phones might have hidden or harmful behaviours about which end users know little to nothing,” said study author Zhiqiang Lin from the Ohio State University in the US.


“Typically, mobile apps engage with users by processing and responding to user input. For instance, users often need to type certain words or sentences or click buttons and slide screens. Those inputs prompt an app to perform different actions,” Lin added.

Please Follow NewsGram on Twitter To Get Latest Updates From Around The World!

For this study, the team evaluated 150,000 apps. They selected the top 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones.

They found that 12,706 of those apps, about 8.5 per cent, contained something the research team labelled “backdoor secrets” – hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users. They also found that some apps have built-in “master passwords,” which allow anyone with that password to access the app and any private data contained within it.

And some apps, they found, had secret access keys that could trigger hidden options, including bypassing payment. “Both users and developers are all at risk if a bad guy has obtained these ‘backdoor secrets,’. In fact, motivated attackers could reverse engineer the mobile apps to discover them,” Lin said.


Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users. Pixabay

According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. “A key reason why mobile apps contain these ‘backdoor secrets’ is because developers misplaced the trust,” said study lead author Qingchuan Zhao.

To truly secure their apps developers need to perform security-relevant user-input validations and push their secrets on the backend servers. In addition, the research team have developed an open-source tool, named InputScope, to help developers understand weaknesses in their apps and to demonstrate that the reverse engineering process can be fully automated.

ALSO READ: Price Of Smartphones increase in India Due To GST Hike

The study was accepted for publication by the 2020 IEEE Symposium on Security and Privacy in May. The conference has been moved online because of the global coronavirus (COVID-19) outbreak. (IANS)


Popular

Pexels

Narakasura's death is celebrated as 'Naraka Chaturdashi' popularly known as Choti Diwali

Diwali is arguably one of the most auspicious and celebrated holidays in South Asia. It is celebrated over the span of five days, where the third is considered most important and known as Diwali. During Diwali people come together to light, lamps, and diyas, savour sweet delicacies and pray to the lord. The day has various origin stories with the main them being the victory of good over evil. While the North celebrates the return of Lord Rama and Devi Sita to Ayodhya, the South rejoices in the victory of Lord Krishna and his consort Satyabhama over evil Narakasura.

Narakasura- The great mythical demon King

Naraka or Narakasur was the son of Bhudevi (Goddess Earth) and fathered either by the Varaha incarnation of Vishnu or Hiranyaksha. He grew to be a powerful demon king and became the legendary progenitor of all three dynasties of Pragjyotisha-Kamarupa, and the founding ruler of the legendary Bhauma dynasty of Pragjyotisha.

Keep Reading Show less
Wikimedia Commons

Safety-pins with charms

For all the great inventions that we have at hand, it is amazing how we keep going back to the safety pin every single time to fix everything. Be it tears in our clothes, to fix our broken things, to clean our teeth and nails when toothpicks are unavailable, to accessorize our clothes, and of course, as an integral part of the Indian saree. Safety pins are a must-have in our homes. But how did they come about at all?

The safety pin was invented at a time when brooches existed. They were used by the Greeks and Romans quite extensively. A man named Walter Hunt picked up a piece of brass and coiled it into the safety pin we know today. He did it just to pay off his debt. He even sold the patent rights of this seemingly insignificant invention just so that his debtors would leave him alone.

Keep Reading Show less
vaniensamayalarai

Sesame oil bath is also called ennai kuliyal in Tamil

In South India, Deepavali marks the end of the monsoon and heralds the start of winter. The festival is usually observed in the weeks following heavy rain, and just before the first cold spell in the peninsula. The light and laughter that comes with the almost week-long celebration are certainly warm to the bones, but there is still a tradition that the South Indians follow to ease their transition from humidity to the cold.

Just before the main festival, the family bathes in sesame oil. This tradition is called 'yellu yennai snaana' in Kannada, or 'ennai kuliyal' in Tamil, which translates to 'sesame oil bath'. The eldest member of the family applies three drops of heated oil on each member's head. They must massage this oil into their hair and body. The oil is allowed to soak in for a while, anywhere between twenty minutes to an hour. After this, they must wash with warm water before sunrise.

Keep reading... Show less