A vulnerability has been found in a software development kit provided by Chinese company Baidu on Sunday, Nov.1. Thousands of Android apps are found to be using the infected SDK. Security firms have found that the vulnerability provides a backdoor access for hackers to take control of users' devices from afar and that the vulnerability can easily be exploited.
Trend Micro has pointed out the flaw to Baidu and Android owner Google. According to Trend Micro's report, the vulnerability puts about 100 million Android users at risk. The said SDK, Moplus, is found to be affected by a malware called Wormhole and has been used by 14,112 Android apps. When exploited, the vulnerability lets attackers open an HTTP server on devices where the apps in question are installed. The server accepts invitations from anyone because it does not require authentication, according to PC World.
Once a request has been sent, the hacker can have control over the device and steal data from it. By putting in a special command, Wormhole enables the attacker to "remotely make phone calls, send bogus messages and install arbitrary apps without the user's consent." Trend Micro has also stressed that the device containing the infected app/s just has to be connected to the internet to risk being exposed to the hack.
There are 4,014 affected apps that have come from Baidu. The Chinese search giant has been reported to have released a new version of the software development kit. Baidu has claimed that the new version is free of the easy-to-exploit backdoor access. Other apps require third-party developers to issue fixes for the vulnerability, to ensure that the apps are now free of the backdoor.
Trend Micro has continued investigating the Wormhole vulnerability, and while Wormhole does provide a backdoor, the findings show that Moplus has backdoor functionalities, which may not be related to the vulnerability. For users, Trend Micro suggests removing the affected apps from their devices and recommends using Trend Micro's own security app.