A group of researchers from the University of Michigan have conducted a study according to which, many Android applications that are deployed to connect mobiles to PCs via WiFi, all leave some ports open and poorly secured. This serves to leave the device open to exploitation.
These devices number in the hundreds and according to the researchers, are easily available via the Google Play. Some notable names include Wifi File Transfer, that has as many as 10 million Android downloads. Yes, it has the the same sort of vulnerabilities as well.
To arrive at the conclusions for their research, the team from the University of Michigan conducted a scan on over 100,000 popular android applications. Out of these apps, as many as 1,632 created open ports to connect to PCs and out of these, 410 apps had security ranging from extremely weak to zilch. What’s more, 57 applications left ports that could easily be manipulated by hackers, totally open.
Some of the most popular applications on the list included Wifi File Transfer. The app boasts of around 10 million user downloads on Google Play and allows users to connect a PC to a phone through an open port via Wi-Fi. However, the app has little to no protection and it was discovered that if someone with ill intent was to gain access to this port (which is already open) they would be able to cause all sorts of mischief including a stealing data, including contacts or photos, or even install malware upon your device.
Another hugely popular app that was reported to have some issues was AirDroid. The University of Michingan researchers notified the company of the bugs that were leaving the app vulnerable to external hackers and the team responded quickly, fixing the issue. So Airdroid is safe now. However, this does raise some serious questions about how vulnerable we could be without ever realizing it. Sure Google has a big tole to play but, it can’t do everything. So, what we need to do is ensure that we are ourselves aware of what is taking place around us and take precautions accordingly.
And of course, stay tuned to the TechPortal.
