100 Million Android Users Are At Risk Of Hack From A Chinese SDK Vulnerability
A vulnerability has been found in a software development kit provided by Chinese company Baidu on Sunday, Nov.1. Thousands of Android apps are found to be using the infected SDK. Security firms have found that the vulnerability provides a backdoor access for hackers to take control of users' devices from afar and that the vulnerability can easily be exploited.
Trend Micro has pointed out the flaw to Baidu and Android owner Google. According to Trend Micro's report, the vulnerability puts about 100 million Android users at risk. The said SDK, Moplus, is found to be affected by a malware called Wormhole and has been used by 14,112 Android apps. When exploited, the vulnerability lets attackers open an HTTP server on devices where the apps in question are installed. The server accepts invitations from anyone because it does not require authentication, according to PC World.
Once a request has been sent, the hacker can have control over the device and steal data from it. By putting in a special command, Wormhole enables the attacker to "remotely make phone calls, send bogus messages and install arbitrary apps without the user's consent." Trend Micro has also stressed that the device containing the infected app/s just has to be connected to the internet to risk being exposed to the hack.
There are 4,014 affected apps that have come from Baidu. The Chinese search giant has been reported to have released a new version of the software development kit. Baidu has claimed that the new version is free of the easy-to-exploit backdoor access. Other apps require third-party developers to issue fixes for the vulnerability, to ensure that the apps are now free of the backdoor.
Trend Micro has continued investigating the Wormhole vulnerability, and while Wormhole does provide a backdoor, the findings show that Moplus has backdoor functionalities, which may not be related to the vulnerability. For users, Trend Micro suggests removing the affected apps from their devices and recommends using Trend Micro's own security app.
Samsung Galaxy S8 vs Xiaomi Mi 6: Head-to-head Specs Shootout
Samsung's Galaxy S8 and Xiaomi's Mi 6 are high-end phones. Both phones boast of top-tier looks and powerful hardware.
Google Pixel XL vs Essential Phone vs Galaxy S8: Specs Comparison
Comparing the new Essential smartphone spec by spec with the big beasts of the phone market right now.
New Malware Infects 36.5 Million Android Devices
Almost 36.5 million Android devices have been affected with a new malware dubbed as "Judy". It has been found in 41 apps on the Google Play.
Google Pixel 2 Is Coming, New Details & Release Date Leaked!
The search giant is already preparing itself for the launch of the Google Pixel 2. The new device is expected to arrive around October 2017 packed with thrilling specs and features.
Android Co-founder's Mysterious Smartphone Could Be iPhone 8 And Galaxy S8's Nightmare
Andy Rubin and his startup is expected to unveil its secret smartphone in a few days but, this early, it's already giving Apple and Samsung goosebumps.
MORE IN ITECHPOST
Mobile Phone App Designed to Boost Physical Activity in Women Shows Promise in Trial
Activity trackers and mobile phone apps are all the rage, but do they really help users increase and maintain physical activity? A new study has found that one mobile phone app designed for inactive women did help when combined with an activity tracker and personal counseling.
AI and High-Performance Computing Extend Evolution to Superconductors
Materials by design: Argonne researchers use genetic algorithms for better superconductors.
Owners of thoroughbred stallions carefully breed prizewinning horses over generations to eke out fractions of a second in million-dollar races. Materials scientists have taken a page from that playbook, turning to the power of evolution and artificial selection to develop superconductors that can transmit electric current as efficiently as possible.