100 Million Android Users Are At Risk Of Hack From A Chinese SDK Vulnerability
A vulnerability has been found in a software development kit provided by Chinese company Baidu on Sunday, Nov.1. Thousands of Android apps are found to be using the infected SDK. Security firms have found that the vulnerability provides a backdoor access for hackers to take control of users' devices from afar and that the vulnerability can easily be exploited.
Trend Micro has pointed out the flaw to Baidu and Android owner Google. According to Trend Micro's report, the vulnerability puts about 100 million Android users at risk. The said SDK, Moplus, is found to be affected by a malware called Wormhole and has been used by 14,112 Android apps. When exploited, the vulnerability lets attackers open an HTTP server on devices where the apps in question are installed. The server accepts invitations from anyone because it does not require authentication, according to PC World.
Once a request has been sent, the hacker can have control over the device and steal data from it. By putting in a special command, Wormhole enables the attacker to "remotely make phone calls, send bogus messages and install arbitrary apps without the user's consent." Trend Micro has also stressed that the device containing the infected app/s just has to be connected to the internet to risk being exposed to the hack.
There are 4,014 affected apps that have come from Baidu. The Chinese search giant has been reported to have released a new version of the software development kit. Baidu has claimed that the new version is free of the easy-to-exploit backdoor access. Other apps require third-party developers to issue fixes for the vulnerability, to ensure that the apps are now free of the backdoor.
Trend Micro has continued investigating the Wormhole vulnerability, and while Wormhole does provide a backdoor, the findings show that Moplus has backdoor functionalities, which may not be related to the vulnerability. For users, Trend Micro suggests removing the affected apps from their devices and recommends using Trend Micro's own security app.
Bug Bounty Hunter Discovers Severe Authentication Bypass in Apple's Servers and Earns $100,000
A bug bounty hunter has discovered an authentication bypass bug that could've led to user accounts getting hijacked! They earned a whopping $100,000!
How to Make Money Ordering Your Own Food from DoorDash: Man Bought $24 Pizza From Itself for $16
A restaurant owner decided to trick the system and was able to find a way to make money off of DoorDash by ordering food from his own restaurant!
Wireless Is The Way To Go And These Chargers Are The Best Of The Bunch
Charge up and free up your devices with these best wireless chargers available on Amazon that were made to be efficient in both cost and output.
YouTube Music Update for Android: Add Songs and Albums to Your Library without Subscribing
The YouTube Music application for Android has just added another update that could make things easier for its users. Users no longer have to subscribe so that they can add songs or albums to their library!
Don't Take Any Chances: Wireless Home Security Cameras for the Safety of Your Family
Although the chances of infiltration are fairly slim, it is still very important that you safeguard your family with all you've got! Here are a few wireless home security cameras that could help you.
MORE IN ITECHPOST
How to Effectively Support Your Business Customers
Today, managed service providers (MSPs) must deploy effective and fast solutions to optimize their efficiency.
Here's How You Can Watch The SpaceX Starlink 7 Launch That's Happening Tonight
The Starlink 7 launch will be sent into orbit aboard a Falcon 9 rocket soon. If you're interested in watching the launch of 60 satellites into orbit, then here's how to watch it yourself.
Game Developer Star Theory Employees Poached After Canceled Contract With Game Publisher Take-Two
Star Theory employees were relieved of their game developing duties. Take-Two game developer tries to poach Star Theory employees.