Monday, October 19, 2020
Home Lead Story Majority of Smartphone Apps Contain "Backdoor Secrets" Which Allow Hackers To Access...

Majority of Smartphone Apps Contain “Backdoor Secrets” Which Allow Hackers To Access Private Data

According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat

Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users.

“The study’s findings: that the apps on mobile phones might have hidden or harmful behaviours about which end users know little to nothing,” said study author Zhiqiang Lin from the Ohio State University in the US.

“Typically, mobile apps engage with users by processing and responding to user input. For instance, users often need to type certain words or sentences or click buttons and slide screens. Those inputs prompt an app to perform different actions,” Lin added.

Please Follow NewsGram on Twitter To Get Latest Updates From Around The World!

For this study, the team evaluated 150,000 apps. They selected the top 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones.

They found that 12,706 of those apps, about 8.5 per cent, contained something the research team labelled “backdoor secrets” – hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users. They also found that some apps have built-in “master passwords,” which allow anyone with that password to access the app and any private data contained within it.

And some apps, they found, had secret access keys that could trigger hidden options, including bypassing payment. “Both users and developers are all at risk if a bad guy has obtained these ‘backdoor secrets,’. In fact, motivated attackers could reverse engineer the mobile apps to discover them,” Lin said.

Hackers
Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users. Pixabay

According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. “A key reason why mobile apps contain these ‘backdoor secrets’ is because developers misplaced the trust,” said study lead author Qingchuan Zhao.

To truly secure their apps developers need to perform security-relevant user-input validations and push their secrets on the backend servers. In addition, the research team have developed an open-source tool, named InputScope, to help developers understand weaknesses in their apps and to demonstrate that the reverse engineering process can be fully automated.

ALSO READ: Price Of Smartphones increase in India Due To GST Hike

The study was accepted for publication by the 2020 IEEE Symposium on Security and Privacy in May. The conference has been moved online because of the global coronavirus (COVID-19) outbreak. (IANS)

STAY CONNECTED

19,120FansLike
362FollowersFollow
1,782FollowersFollow

Most Popular

1 in 3 Indian Call Centres to Permanently Switch to Work From Home

Signalling the future of work in the pandemic times, nearly one in three call centres (27 per cent) in India will switch permanently to...

Here’s How You Can Improve Both Physical and Cognitive Health

Daily exercise, along with nutrient-enriched beverages, can do wonder with improving both physical and cognitive health, researchers have discovered. While exercise alone improved strength and...

Microsoft Set to Release New AI-Based Noise Suppression Tool in Teams

As more and more people work from home and at times have no control over jarring sounds in the background, Microsoft is set to...

Why President Trump and PM Modi are so Fiercely Opposed by the Left and Islamists

By Maria Wirth “Í prefer Trump to Hillary”, I told a German friend in the run up to the US elections in 2016. There was...

Hackers Imitated Microsoft the Most in Q3 2020: Report

Hackers imitated Microsoft the most to lure people into giving up their personal data or payment credentials in the third quarter of this year,...

Clearing a Forest to Grow a Forest in Order to Overcome Delhi’s Pollution

By Rahul Kumar It is that time of the year again-when the weather is pleasant but the city is polluted. Air quality has shown a...

Marijuana May Help Reduce Lung Inflammation Linked to Covid-19 Death

After reporting earlier this summer that marijuana ingredient cannabidiol, or CBD, may help reduce cytokine storm and excessive lung inflammation linked to Covid-19 deaths,...

Uber Introduces Masks Verification Selfie Policy

Ride-hailing major Uber on Monday introduced a new safety policy which will request riders, who have been tagged for not wearing masks on a...

Recent Comments