Majority of Smartphone Apps Contain “Backdoor Secrets” Which Allow Hackers To Access Private Data

According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat

Cybersecurity researchers have discovered that a large number of mobile phone applications contain hardcoded ‘backdoor secrets’ allowing hackers to access private data or block content provided by users.

“The study’s findings: that the apps on mobile phones might have hidden or harmful behaviours about which end users know little to nothing,” said study author Zhiqiang Lin from the Ohio State University in the US.

“Typically, mobile apps engage with users by processing and responding to user input. For instance, users often need to type certain words or sentences or click buttons and slide screens. Those inputs prompt an app to perform different actions,” Lin added.

For this study, the team evaluated 150,000 apps. They selected the top 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones.

They found that 12,706 of those apps, about 8.5 per cent, contained something the research team labelled “backdoor secrets” – hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users. They also found that some apps have built-in “master passwords,” which allow anyone with that password to access the app and any private data contained within it.

And some apps, they found, had secret access keys that could trigger hidden options, including bypassing payment. “Both users and developers are all at risk if a bad guy has obtained these ‘backdoor secrets’. In fact, motivated attackers could reverse engineer the mobile apps to discover them,” Lin said.

According to the study, developers often wrongly assume reverse engineering of their apps is not a legitimate threat. “A key reason why mobile apps contain these ‘backdoor secrets’ is because developers misplaced the trust,” said study lead author Qingchuan Zhao.

To truly secure their apps, developers need to perform security-relevant user-input validation and move their secrets to backend servers. In addition, the research team has developed an open-source tool, named InputScope, to help developers understand weaknesses in their apps and to demonstrate that the reverse engineering process can be fully automated.
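As an added illustration (not part of the study and far simpler than InputScope), the Python sketch below shows how a developer could audit their own Java source for the pattern the article describes: user input compared against a string literal shipped inside the app. The sample source, its class and method names, and the assumption that user input is read through `getText()` are constructed for this example.

```python
import re

# Constructed sample: Java source of a hypothetical app screen.
SAMPLE_JAVA = '''\
public class UnlockActivity extends Activity {
    void onSubmit() {
        String pin = pinField.getText().toString();
        String note = noteField.getText().toString();
        String theme = prefs.getString("theme", "dark");
        if (pin.equals("7391-master")) {
            openVault();
        }
        if ("debug#on".equals(note.trim())) {
            showHiddenMenu();
        }
        if (theme.equals("dark")) {
            applyDarkTheme();
        }
        api.verifyPin(pin, this::onVerified);
    }
}
'''

# Assumption: user-typed text enters the code through getText().
ASSIGN = re.compile(r'\b(\w+)\s*=\s*[^;]*\.getText\(\)')
VAR_EQ_LIT = re.compile(
    r'\b(\w+)(?:\.\w+\(\))*\.equals(?:IgnoreCase)?\(\s*"([^"]*)"\s*\)')
LIT_EQ_VAR = re.compile(r'"([^"]*)"\.equals(?:IgnoreCase)?\(\s*(\w+)')

def find_hardcoded_input_checks(java_source):
    """Return (line_no, variable, literal) for every comparison of a
    user-input variable against a string literal embedded in the app."""
    tainted, findings = set(), []
    for no, line in enumerate(java_source.splitlines(), 1):
        m = ASSIGN.search(line)
        if m:
            tainted.add(m.group(1))          # variable now holds user input
        hits = list(VAR_EQ_LIT.findall(line))
        hits += [(var, lit) for lit, var in LIT_EQ_VAR.findall(line)]
        # Comparisons on non-input values (e.g. a theme setting) are ignored.
        findings.extend((no, v, lit) for v, lit in hits if v in tainted)
    return findings

if __name__ == "__main__":
    for no, var, lit in find_hardcoded_input_checks(SAMPLE_JAVA):
        print(f"line {no}: input '{var}' compared to embedded literal {lit!r}")
```

Each flagged comparison is a check that belongs on the backend, as the `api.verifyPin(...)` call in the sample does, so that the secret value never ships inside the app.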

The study was accepted for publication by the 2020 IEEE Symposium on Security and Privacy in May. The conference has been moved online because of the global coronavirus (COVID-19) outbreak. (IANS)

This Hacker Group is Selling User Data From 10 Firms For INR 13.6 Lakh Approx

The same hacker group was also behind selling a database of 22 million user records from online learning platform Unacademy on the Dark Web

A hacker group is selling the data of 10 companies, including online dating app Zoosk, US newspaper Star Tribune and food delivery service Chef, on the Dark Web for $18,000 (nearly Rs 13.6 lakh); the data contains over 73 million user records.

The other companies are printing service Chatbooks, South Korean fashion platform SocialShare, online marketplace Minted, online newspaper Chronicle of Higher Education, South Korean furniture magazine GGuMim, health magazine Mindful and Indonesian online store Bhinneka, reports ZDNet. The listed databases have 73.2 million user records, with each database sold separately.

The hacker group is known as ShinyHunters, the same group behind breaching private repositories on Microsoft-owned GitHub (the hacker is believed to have acquired around 1,200 private repositories) and Tokopedia, Indonesia’s largest online store where a database of over 90 million user records was sold. A Microsoft spokesperson was quoted as saying that the company is investigating the incident.

The same hacker group was also behind selling a database of 22 million user records from online learning platform Unacademy on the Dark Web. Bengaluru-based edtech firm Unacademy said all the sensitive data of its users was safe and the company was addressing the security issue.

“We would like to assure our users that no sensitive information such as financial data or location has been breached,” said Hemesh Singh, Co-Founder and CTO, Unacademy. Encouraged by the profits from the Tokopedia sale, the same group has now listed the databases of 10 more companies.

“Some believe the ShinyHunters group has ties to Gnosticplayers, a hacker group that was active last year that sold more than one billion user credentials on dark web marketplaces, as it operates on a nearly identical pattern,” according to the report.

BleepingComputer reported that cyber intelligence firm ZeroFox informed them that ShinyHunters had begun selling databases for the meal kit delivery service HomeChef, photo print service ChatBooks, and Chronicle.com, a news source for higher education. (IANS)

MediaTek to Launch Improved 5G-Integrated Chip for Smartphones

Improved 5G-integrated chip for smartphones unveiled by MediaTek

Taiwanese fabless semiconductor company MediaTek has unveiled an improved version of its flagship 5G chipset called Dimensity 1000+ with upgraded features for gaming, video and power efficiency.

The Dimensity 1000+ is based on the same core hardware as the Dimensity 1000 and showcases an incredible, flagship-grade user experience for smartphone users globally.

“The single chip integrates in a suite of world-leading innovations in 5G connectivity and power-efficiency, plus unique display, video and gaming technologies that make it stand out,” Yenchi Lee, Assistant General Manager of MediaTek’s wireless communications business unit said in a statement.

The MediaTek Dimensity 1000+ supports 144Hz refresh rate screens with resolution maxing out at 1080p+ and up to a 21:9 aspect ratio.

It uses the latest MiraVision technologies to improve per frame picture quality.

Similar to its predecessor, the Dimensity 1000+ is built on a 7nm process and features an identical 5G modem.

MediaTek has added something called “5G UltraSave”, a built-in power saving mechanism that can dynamically switch between different power states to maximize the battery life.

There are also new technology additions to HyperEngine 2.0 to optimise the phone for a more fluid and immersive gaming experience.

It comes with a Resource Management Engine to intelligently manage CPU, GPU and memory resources, an upgraded Networking Engine for call and data concurrency, and an intelligent switch between 5G and 4G networks based on application needs. (IANS)

Smartphone Users Beware! You May Reveal Personal Information Online

Smartphone users more likely to reveal personal info online

People are more willing to reveal personal information about themselves online using their smartphones compared to desktop computers, says a study.

The study, published in the Journal of Marketing, suggests that the device people use to communicate can affect the extent to which they are willing to disclose intimate or personal information about themselves.

For example, tweets and reviews composed on smartphones are more likely to be written from the perspective of the first person, to disclose negative emotions, and to discuss the writer’s private family and personal friends.

Likewise, when consumers receive an online ad that requests personal information (such as phone number and income), they are more likely to provide it when the request is received on their smartphone compared to their desktop or laptop computer, said the study.

“Writing on one’s smartphone often lowers the barriers to revealing certain types of sensitive information for two reasons; one stemming from the unique form characteristics of phones and the second from the emotional associations that consumers tend to hold with their device,” said the co-author Shiri Melumad from University of Pennsylvania.

First, one of the most distinguishing features of phones is the small size; something that makes viewing and creating content generally more difficult compared with desktop computers.

Because of this difficulty, when writing or responding on a smartphone, a person tends to narrowly focus on completing the task and become less cognizant of external factors that would normally inhibit self-disclosure, such as concerns about what others would do with the information.

Smartphone users know this effect well — when using their phones in public places, they often fixate so intently on its content that they become oblivious to what is going on around them.

The second reason people tend to be more self-disclosing on their phones lies in the feelings of comfort and familiarity people associate with their phones.

“Because our smartphones are with us all of the time and perform so many vital functions in our lives, they often serve as ‘adult pacifiers’ that bring feelings of comfort to their owners,” Melumad added.

The downstream effect of those feelings shows itself when people are more willing to disclose feelings to a close friend compared to a stranger or open up to a therapist in a comfortable rather than uncomfortable setting.

“Similarly, when writing on our phones, we tend to feel that we are in a comfortable ‘safe zone.’ As a consequence, we are more willing to open up about ourselves,” said study co-author Robert Meyer from University of Pennsylvania.

The findings are based on analyses of thousands of social media posts and online reviews, responses to web ads, and controlled laboratory studies.

Initial evidence came from analyses of the depth of self-disclosure revealed in 369,161 tweets and 10,185 restaurant reviews posted on TripAdvisor.com, with some posted on PCs and some on smartphones.

Using both automated natural-language processing tools and human judgements of self-disclosure, the researchers found robust evidence that smartphone-generated content is indeed more self-disclosing. (IANS)