A sweeping study by U-M researchers of an internet communication mechanism common in mobile devices has revealed that so-called ‘open ports’ are much more vulnerable to security breaches than previously thought. The vulnerability is most pronounced in Android apps that let users share data across devices and connect to their phones from their computers. One app, called Wifi File Transfer, has been downloaded more than 10 million times.
Open port backdoors could be exploited to steal private information such as contacts, security credentials and photos; to remotely control a device; to perform a denial of service attack; or to inject malicious code that could jumpstart widespread, virus-like attacks. “When choosing an app whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely—without physically accessing it—we recommend being extra careful. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.